Whilst doing some routine work on a clients osCommerce (CRE Loaded) installation recently, we discovered that the site had been hacked with a hidden iframe appearing the description of every product and category description.

You can easily find out if you have been hacked by looking for "vcp-counter" in your product pages' source code.

If you find this code, your database will be infected, you will probably have unwanted files on your server and you may well be open to future attack.

Your anti-virus program might also pick up on this.

PM me if you discover this problem and would like more advice