Feeds

Network Solutions customers hit by mass hack attack

Second mystery outbreak in a week

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Network Solutions' security team is battling a mysterious attack that has silently infected a "huge" number of the websites it hosts with malicious code.

The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML, according to reports here and here from Securi Security and Stop Malvertising. Many of the infected sites include encoded javascript that secretly attempts to install malware on visitors' computers.

The attacks are responsible for about 3.7 percent of web-based malware encounters blocked by ScanSafe, a security service owned by Cisco. About 17.5% of ScanSafe enterprise customers are affected. "Translated, that means that while it's not impacting the majority of enterprise users, for those enterprises it is impacting the rate of encounters is significant," ScanSafe's Mary Landesman wrote in an email to The Register.

The outbreak comes less than a week after another mass hack hit Network Solutions-hosted websites running publishing software from WordPress. That infection touched off a round of finger-pointing and recriminations among researchers and executives from Network Solutions and WordPress over who was responsible for the security lapse.

"The bottom line - although Network Solutions criticized the media last week, for blaming this on Network Solutions, or WordPress itself, the company should realize that for the sake of its reputation it should always use the following mentality - 'protect the end user from himself' when offering any of its services," researcher Dancho Danchev wrote on Sunday.

Network Solutions admins are aware of the attack and are working to remove the errant code from customer websites, Shashi Bellamkonda, an employee with the company, wrote in a post headlined "We feel your pain." He said the company wouldn't release technical details of the attack out of concern they would only help the perpetrators. He also recommended users change their passwords.

That suggestion didn't sit well with some Network Solutions customers.

"This is completely ridiculous," a customer named Chris wrote in response. "We have spent at least a hundred hours over the past few weeks trying to repair our site, changing passwords at least 15 or 20 times for Network Solutions and for our blog, only to have it halfway working again. Now, before it's even 100% restored, you let them back in? Who's going to compensate me for the near complete loss of traffic and ad revenue from this problem?"

It remained unclear exactly how many Network Solutions customers were affected by the mass compromise. Stop Malvertising said the infection hit "a huge number of websites," while Securi Security said only that "more than 50 sites" were hacked with malicious javascript.

Network Solutions spokeswoman Susan Wade said the attack is "affecting a subset of our hosting customers, so it's not a whole universe of our hosting customers." But she declined to provide even a rough estimate of the percentage. The company won't release additional details until it had time to complete a more thorough investigation, she added. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.