Magento is investigating reports of Magento sites being targeted by Guruincsite malware (Neutrino exploit kit). They have not identified a new attack vector at this time, but have found that nearly all impacted sites tested so far were vulnerable to a previously identified code execution issue for which Magento released a patch in early 2015; sites not vulnerable to that issue show other unpatched issues. The malware can also take advantage of situations where an administrative account has been compromised through weak passwords, phishing, or any other unpatched vulnerability that allows for administrative access, so it is important to check for fake user accounts and for leftover demo accounts.
Magento has posted full instructions for you to identify and fix the Guruincsite issue in the Magento Security Center. They strongly encourage you to immediately do a security health check for your site:
- Make sure that you have deployed all recent security patches
- Review admin users on your system and remove any that you do not recognize
- Check for malware or other vulnerabilities using magereport.com, a useful community project that is not affiliated with Magento
Hostway strongly recommends keeping your mission-critical applications updated to latest versions and patched for all ongoing security concerns.