Feeds

Network Solutions customers hit by mass hack attack

Second mystery outbreak in a week

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Network Solutions' security team is battling a mysterious attack that has silently infected a "huge" number of the websites it hosts with malicious code.

The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML, according to reports here and here from Securi Security and Stop Malvertising. Many of the infected sites include encoded javascript that secretly attempts to install malware on visitors' computers.

The attacks are responsible for about 3.7 percent of web-based malware encounters blocked by ScanSafe, a security service owned by Cisco. About 17.5% of ScanSafe enterprise customers are affected. "Translated, that means that while it's not impacting the majority of enterprise users, for those enterprises it is impacting the rate of encounters is significant," ScanSafe's Mary Landesman wrote in an email to The Register.

The outbreak comes less than a week after another mass hack hit Network Solutions-hosted websites running publishing software from WordPress. That infection touched off a round of finger-pointing and recriminations among researchers and executives from Network Solutions and WordPress over who was responsible for the security lapse.

"The bottom line - although Network Solutions criticized the media last week, for blaming this on Network Solutions, or WordPress itself, the company should realize that for the sake of its reputation it should always use the following mentality - 'protect the end user from himself' when offering any of its services," researcher Dancho Danchev wrote on Sunday.

Network Solutions admins are aware of the attack and are working to remove the errant code from customer websites, Shashi Bellamkonda, an employee with the company, wrote in a post headlined "We feel your pain." He said the company wouldn't release technical details of the attack out of concern they would only help the perpetrators. He also recommended users change their passwords.

That suggestion didn't sit well with some Network Solutions customers.

"This is completely ridiculous," a customer named Chris wrote in response. "We have spent at least a hundred hours over the past few weeks trying to repair our site, changing passwords at least 15 or 20 times for Network Solutions and for our blog, only to have it halfway working again. Now, before it's even 100% restored, you let them back in? Who's going to compensate me for the near complete loss of traffic and ad revenue from this problem?"

It remained unclear exactly how many Network Solutions customers were affected by the mass compromise. Stop Malvertising said the infection hit "a huge number of websites," while Securi Security said only that "more than 50 sites" were hacked with malicious javascript.

Network Solutions spokeswoman Susan Wade said the attack is "affecting a subset of our hosting customers, so it's not a whole universe of our hosting customers." But she declined to provide even a rough estimate of the percentage. The company won't release additional details until it had time to complete a more thorough investigation, she added. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.