Feeds

Network Solutions customers hit by mass hack attack

Second mystery outbreak in a week

  • alert
  • submit to reddit

Intelligent flash storage arrays

Network Solutions' security team is battling a mysterious attack that has silently infected a "huge" number of the websites it hosts with malicious code.

The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML, according to reports here and here from Securi Security and Stop Malvertising. Many of the infected sites include encoded javascript that secretly attempts to install malware on visitors' computers.

The attacks are responsible for about 3.7 percent of web-based malware encounters blocked by ScanSafe, a security service owned by Cisco. About 17.5% of ScanSafe enterprise customers are affected. "Translated, that means that while it's not impacting the majority of enterprise users, for those enterprises it is impacting the rate of encounters is significant," ScanSafe's Mary Landesman wrote in an email to The Register.

The outbreak comes less than a week after another mass hack hit Network Solutions-hosted websites running publishing software from WordPress. That infection touched off a round of finger-pointing and recriminations among researchers and executives from Network Solutions and WordPress over who was responsible for the security lapse.

"The bottom line - although Network Solutions criticized the media last week, for blaming this on Network Solutions, or WordPress itself, the company should realize that for the sake of its reputation it should always use the following mentality - 'protect the end user from himself' when offering any of its services," researcher Dancho Danchev wrote on Sunday.

Network Solutions admins are aware of the attack and are working to remove the errant code from customer websites, Shashi Bellamkonda, an employee with the company, wrote in a post headlined "We feel your pain." He said the company wouldn't release technical details of the attack out of concern they would only help the perpetrators. He also recommended users change their passwords.

That suggestion didn't sit well with some Network Solutions customers.

"This is completely ridiculous," a customer named Chris wrote in response. "We have spent at least a hundred hours over the past few weeks trying to repair our site, changing passwords at least 15 or 20 times for Network Solutions and for our blog, only to have it halfway working again. Now, before it's even 100% restored, you let them back in? Who's going to compensate me for the near complete loss of traffic and ad revenue from this problem?"

It remained unclear exactly how many Network Solutions customers were affected by the mass compromise. Stop Malvertising said the infection hit "a huge number of websites," while Securi Security said only that "more than 50 sites" were hacked with malicious javascript.

Network Solutions spokeswoman Susan Wade said the attack is "affecting a subset of our hosting customers, so it's not a whole universe of our hosting customers." But she declined to provide even a rough estimate of the percentage. The company won't release additional details until it had time to complete a more thorough investigation, she added. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.