If you follow us on Twitter, you may have noticed us mention the recent Guruincite(.)com Magento malware infection that has hit several stores. A couple of our partners were infected by this virus, so we've written up how to detect and remove the malware in case you haven't done so yet.
The good thing is that detecting this is really easy. To see if your store is infected, simply view the page source: right-click on any page in the frontend of the store, choose View Page Source, and scroll to the bottom.
Here's how to do this in Google Chrome:
Here's how it looks if you're infected versus not infected:
The simplest way to clean the infection is to follow these instructions. You don't need a developer:
SUPEE-6788 will address several issues associated with the vulnerabilities; however, much of the code is not backward-compatible, so extra work may be needed to make your extensions and customizations compatible with this security patch.
Until then, you just have to keep checking your site to make sure the source does not resemble what we've described above.
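The repeated page-source check can be scripted. The following is an added example, not part of the original post: it audits a saved copy of a page's source for the domain label named here, for script/iframe hosts outside an allowlist, and for inline scripts that are not in a known-good baseline (useful when injected code is obfuscated and the domain never appears in plain text). The allowlist, the baseline hashes, the function names and the sample pages are assumptions made for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Both spellings of the domain label as they appear on this page.
INDICATORS = ("guruincsite", "guruincite")

class SourceAudit(HTMLParser):
    """Collect external script/iframe hosts and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.hosts, self.inline, self._in_inline = set(), [], False
    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        host = urlparse(src).hostname if src else None
        if host:
            self.hosts.add(host.lower())
        self._in_inline = tag == "script" and not src
        if self._in_inline:
            self.inline.append("")  # start a new inline script body
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False
    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data  # the parser may deliver a body in chunks

def digest(script):
    return hashlib.sha256(script.encode("utf-8")).hexdigest()

def audit(html, allowed_hosts, known_inline):
    """Return findings for one page's source; an empty list means clean."""
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    findings = [("indicator", i) for i in INDICATORS if i in html.lower()]
    for host in sorted(parser.hosts):
        if not any(host == a or host.endswith("." + a) for a in allowed_hosts):
            findings.append(("unexpected-host", host))
    for body in (b.strip() for b in parser.inline):
        if body and digest(body) not in known_inline:
            findings.append(("unknown-inline-script", digest(body)[:12]))
    return findings

# Constructed sample pages (not real captures): a clean footer, and the same
# page with an extra iframe appended at the bottom of the source.
CLEAN = '<html><body><script src="/js/app.js"></script><script>var a=1;</script></body></html>'
INFECTED = CLEAN.replace("</body>", '<iframe src="//guruincsite.example/x"></iframe></body>')
```

Build `known_inline` from a copy of the store you trust, and run the audit against several frontend pages on a schedule rather than just the home page.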
It's not 100% clear, but the code decrypted and shown on Sucuri's site shows that it sends all frontend input back to the guruincite server. This could mean customer credit cards, passwords, and anything else sensitive. If your site was infected, it seems reasonable to assume that any new sensitive customer data entered since the infection has been compromised by the hacker.
Also, if you don't remove the malware quickly, Google will start blocking you from search results and warning browsers about going to your website. Google has apparently already blocked over 7000 websites. That could mean bad things for your SEO score.
Rest assured, however: if your site is trying to send data back to guruincsite(dot)com, it won't be able to, since we have already contacted the registrar and they suspended the domain's account.