Feeds

Network Solutions customers hit by mass hack attack

Second mystery outbreak in a week

  • alert
  • submit to reddit

Website security in corporate America

Network Solutions' security team is battling a mysterious attack that has silently infected a "huge" number of the websites it hosts with malicious code.

The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML, according to reports here and here from Securi Security and Stop Malvertising. Many of the infected sites include encoded javascript that secretly attempts to install malware on visitors' computers.

The attacks are responsible for about 3.7 percent of web-based malware encounters blocked by ScanSafe, a security service owned by Cisco. About 17.5% of ScanSafe enterprise customers are affected. "Translated, that means that while it's not impacting the majority of enterprise users, for those enterprises it is impacting the rate of encounters is significant," ScanSafe's Mary Landesman wrote in an email to The Register.

The outbreak comes less than a week after another mass hack hit Network Solutions-hosted websites running publishing software from WordPress. That infection touched off a round of finger-pointing and recriminations among researchers and executives from Network Solutions and WordPress over who was responsible for the security lapse.

"The bottom line - although Network Solutions criticized the media last week, for blaming this on Network Solutions, or WordPress itself, the company should realize that for the sake of its reputation it should always use the following mentality - 'protect the end user from himself' when offering any of its services," researcher Dancho Danchev wrote on Sunday.

Network Solutions admins are aware of the attack and are working to remove the errant code from customer websites, Shashi Bellamkonda, an employee with the company, wrote in a post headlined "We feel your pain." He said the company wouldn't release technical details of the attack out of concern they would only help the perpetrators. He also recommended users change their passwords.

That suggestion didn't sit well with some Network Solutions customers.

"This is completely ridiculous," a customer named Chris wrote in response. "We have spent at least a hundred hours over the past few weeks trying to repair our site, changing passwords at least 15 or 20 times for Network Solutions and for our blog, only to have it halfway working again. Now, before it's even 100% restored, you let them back in? Who's going to compensate me for the near complete loss of traffic and ad revenue from this problem?"

It remained unclear exactly how many Network Solutions customers were affected by the mass compromise. Stop Malvertising said the infection hit "a huge number of websites," while Securi Security said only that "more than 50 sites" were hacked with malicious javascript.

Network Solutions spokeswoman Susan Wade said the attack is "affecting a subset of our hosting customers, so it's not a whole universe of our hosting customers." But she declined to provide even a rough estimate of the percentage. The company won't release additional details until it had time to complete a more thorough investigation, she added. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.