ThreatSTOP subscribers are protected against visiting infected osComemrce sites - current google reports over 5,000,000 hits for the vulnerability. The ip address for the most prevalent domain ( is currently in our emergency feed, the one for the other domain ( has been in one of our feeds for a week and has now been added to our emergency feed as well.

What this means is that if, by some chance, someone behind a ThreatSTOP protected firewall accidentally visits one of the infected osCommerce sites the iframe that causes the redirect to the malware dropper location  will not load and thus the user is protected. It is likely (I have not confirmed this at the moment) that we already had the malware dropper IPs in our database but we now offer this additional layer of protection.