Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security The Internet Windows News Technology

Network Solutions Sites Hacked Again 68

Posted by Soulskill from the at-least-they're-consistent dept.
CWmike writes "A week after Web hosting company Network Solutions dealt with a large-scale infection of WordPress-driven blogs, the company acknowledged that other sites it hosts have been compromised. 'We have received reports that Network Solutions customers are seeing malicious code added to their websites and we are really sorry for this experience,' said spokesman Shashi Bellamkonda in a blog post. 'At this time, since anything we say in public may help the perpetrators, we are unable to provide details.' Securi Security Labs said on Sunday that at least 50 sites hosted by Networks Solutions had been hacked, and that malicious JavaScript injected into those sites was redirecting unsuspecting users to a Ukrainian attack server. The same server was involved in the earlier attacks against Network Solutions-hosted blogs. According to the StopMalvertising blog, the attacks planted a rogue IFRAME on the hacked sites to shunt users to the attack server. That server then launches multiple exploits, including an attack kit of ActiveX exploits and three more leveraging Adobe Reader vulnerabilities, against visiting PCs. Several browsers, including IE8, Chrome and Firefox, display warnings when users are redirected to the attack site."
This discussion has been archived. No new comments can be posted.

Network Solutions Sites Hacked Again More

Network Solutions Sites Hacked Again

Comments Filter:

  • Re:Broswers Display Warnings (Score:1, Informative)

    by Anonymous Coward on Monday April 19, 2010 @04:48PM (#31901926)
    What part of

    including an attack kit of ActiveX exploits

    did you misunderstand?

  • Re:happened to a friend's blog (Score:1, Informative)

    by Anonymous Coward on Monday April 19, 2010 @04:51PM (#31901970)

    Yes.

  • This is no joke.. all of my NetSol sites hacked (Score:4, Informative)

    by OctavianMH ( 61823 ) <matthewhensrud&gmail,com> on Monday April 19, 2010 @05:41PM (#31902606)

    One client of mine had about 15 sites hosted on NetSol, every one was hacked.

    The bot is:
    1) Checking for any "index." file (index_ files were unaffected) with any extention
    2) Searching for a tag
    3) Inserting a pile of obfuscated javascript after the tag.

    If you have any clients on netsol, DO check them, NOW.

    @mbhnyc

  • Re:Broswers Display Warnings (Score:3, Informative)

    by 0123456 ( 636235 ) on Monday April 19, 2010 @05:53PM (#31902808)

    Have fun: you don't need to click on anything to get owned by Flash malware served from an advertising site.

  • Re:Those lying dogs (Score:3, Informative)

    by EXrider ( 756168 ) on Monday April 19, 2010 @05:54PM (#31902832)

    Their admins must be completely incompetent. It's ridiculous that weeks later they can't figure out what's going on.

    We had an issue earlier this year with emails going to Network Solutions hosted domains being bounced because:

    "205.178.149.7 failed after I sent the message. Remote host said: 550 5.6.0 Lone CR or LF in body (see RFC2822 section 2.3)"

    Pretty self explanatory, except there WEREN'T any lone CRs or LFs in the message body! Some googling revealed that misconfigured Domino servers are prone to falsely reject certain "rich text" emails coming from Outlook with a legal disclaimer appended to them. The temporary workaround was to re-send the message in plaintext format since NS wasn't in any hurry to fix the problem. Our spam filtering provider argued with them for a while and it was eventually resolved, several freakin months later.

Slashdot Top Deals

"A car is just a big purse on wheels." -- Johanna Reynolds

Close