Security experts have discovered that thousands of websites running the eBays Magento e-commerce platform have been compromised and used to deliver malware. The threat actors compromised Magento installations by exploiting a zero-day directory traversal flaw in the third-party mass importer tool Magmi.com. The same campaign was also monitored by the researchers at Malwarebytes which focused their analysis on the client side. The attackers injected malicious scripts that were used to create iframes from the guruincsite.com domain. The domain was also used to host a Neutrino exploit kit.”]
Source: http://securityaffairs.co/wordpress/41219/cyber-crime/magento-websites-malware-campaign.html