
5 Million Domains Serving Malware Via Network Solutions

An anonymous reader writes "A compromised widget provided by Network Solutions was serving malware on otherwise legitimate websites. But, as bad as this discovery was, it was overshadowed a couple of days later by another revelation: the widget is automatically included on every 'parked domain' by Network Solutions! Searches on Google and Yahoo! revealed 500,000 and 5,000,000 domains affected and serving malware, respectively. A manual check of some 200 parked domains on the list showed that all of them were provided with the malware-serving widget." The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later.
  • by noc007 ( 633443 ) on Monday August 16, 2010 @06:05PM (#33268944)

    I thought it was a known fact that Network Solutions' parked pages served malware in one form or another. Back in July of last year I got some questions from an executive about why the domain the company recently registered for was being blocked by the corporate web content filter. Turns out the Network Solutions parked page had an iframe that was serving malware from kolmic.com. I explained it and provided the parked page's HTML code with the offending code highlighted.

    Doing some Google searches showed that I wasn't the only one that had noticed this.

  • by Culture20 ( 968837 ) on Monday August 16, 2010 @06:54PM (#33269426)

    Apart from Internet Explorer and ActiveX, how the hell can a web page infect a computer via a Web browser? AFAIK Javascript can't write files to the OS, so how are they doing it?

    You haven't seen any of the entries in Mozilla's Bugzilla DB with "arbitrary code execution"? http://www.mozilla.org/security/known-vulnerabilities/ [mozilla.org]
    Run any browser as an Admin-privileged user (as many, many ordinary home users do), and you're going to get owned at some point. Mis-type a URL, and you've suddenly hit a Network Solutions holding site. Or a Google ad will get pre-fetched, or, or, or.
    JavaScript can't write to a file, but Firefox can, and if it's made to run arbitrary code as a root/admin user, game over.

  • Re:Damn it (Score:4, Informative)

    by fishbowl ( 7759 ) on Monday August 16, 2010 @07:22PM (#33269656)

    Reading the Armorize blog, it sounds like this isn't just a tracking cookie dropper. They are showing a shell, a file editor, and a SQL query runner. Also, they claim it reproduces itself, which to my mind puts it into a narrower category of "malware" (the V-word).

  • Re:Network Solutions (Score:4, Informative)

    by theskipper ( 461997 ) on Monday August 16, 2010 @08:27PM (#33270282)

    Used to be the place to go...until competition provided some choice back in the early '00s.

    Seriously, by any metric Network Solutions has always been the worst registrar to deal with. Price, customer service, etc., the stories are legendary.
