Researchers at Armorize Technologies found a widget was responsible for affecting as many as 5 million parked domains belonging to customers of Network Solutions.
Researchers at Armorize Technologies reported that as many as 5 million
parked domains belonging to customers of Network Solutions fell victim to an
infected widget and were serving up a side order of malware.
Armorize has notified Network Solutions, which told eWEEK it is
investigating the situation and can't confirm how many domains may have been
affected. According to Armorize, however, the now-disabled widget had been
installed on at least
500,000 parked domains, and possibly 5 million.
Parked domains are domains that have been registered but have no
owner-provided content. According to Armorize CTO
Wayne Huang, many of his company's customers were found
to be serving malware the company linked to the "Small
Business Success Index" widget by Network Solutions.
"[The widget] was hacked, as proved by the webshell that Google
caches," Huang told eWEEK. "The attacker had full control."
Google lists more than 500,000 results when keywords for parked domains are
used, while Yahoo search lists some 5 million.
The widget launched a drive-by attack against users running Internet
Explorer, Google Chrome, Firefox and Opera. The malware modifies the registry,
monitors for the browsers, redirects search engine users and generates pop-up
advertisements depending on whether certain search terms are entered. It also
renames itself to a list of popular software programs and calls out to control
URLs for further instructions.
According to Network Solutions, the widget was used to provide small
business tips on pages that were under construction.
"We have removed the widget from those pages and continue to check and
monitor to ensure security. ... If you have downloaded the GrowSmartBusiness
widget to your website, we recommend you delete that widget and scan your site
for malware," the company said in an alert.