This article is more than 1 year old

Network Solutions customers hit by mass hack attack

Second mystery outbreak in a week

Network Solutions' security team is battling a mysterious attack that has silently infected a "huge" number of the websites it hosts with malicious code.

The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML, according to reports here and here from Securi Security and Stop Malvertising. Many of the infected sites include encoded javascript that secretly attempts to install malware on visitors' computers.

The attacks are responsible for about 3.7 percent of web-based malware encounters blocked by ScanSafe, a security service owned by Cisco. About 17.5% of ScanSafe enterprise customers are affected. "Translated, that means that while it's not impacting the majority of enterprise users, for those enterprises it is impacting the rate of encounters is significant," ScanSafe's Mary Landesman wrote in an email to The Register.

The outbreak comes less than a week after another mass hack hit Network Solutions-hosted websites running publishing software from WordPress. That infection touched off a round of finger-pointing and recriminations among researchers and executives from Network Solutions and WordPress over who was responsible for the security lapse.

"The bottom line - although Network Solutions criticized the media last week, for blaming this on Network Solutions, or WordPress itself, the company should realize that for the sake of its reputation it should always use the following mentality - 'protect the end user from himself' when offering any of its services," researcher Dancho Danchev wrote on Sunday.

Network Solutions admins are aware of the attack and are working to remove the errant code from customer websites, Shashi Bellamkonda, an employee with the company, wrote in a post headlined "We feel your pain." He said the company wouldn't release technical details of the attack out of concern they would only help the perpetrators. He also recommended users change their passwords.

That suggestion didn't sit well with some Network Solutions customers.

"This is completely ridiculous," a customer named Chris wrote in response. "We have spent at least a hundred hours over the past few weeks trying to repair our site, changing passwords at least 15 or 20 times for Network Solutions and for our blog, only to have it halfway working again. Now, before it's even 100% restored, you let them back in? Who's going to compensate me for the near complete loss of traffic and ad revenue from this problem?"

It remained unclear exactly how many Network Solutions customers were affected by the mass compromise. Stop Malvertising said the infection hit "a huge number of websites," while Securi Security said only that "more than 50 sites" were hacked with malicious javascript.

Network Solutions spokeswoman Susan Wade said the attack is "affecting a subset of our hosting customers, so it's not a whole universe of our hosting customers." But she declined to provide even a rough estimate of the percentage. The company won't release additional details until it had time to complete a more thorough investigation, she added. ®

More about

TIP US OFF

Send us news


Other stories you might like