
5 Million Domains Serving Malware Via Network Solutions

Posted by Soulskill
from the going-for-the-gusto dept.
An anonymous reader writes "A compromised widget provided by Network Solutions was serving malware on otherwise legitimate websites. But, as bad as this discovery was, it was overshadowed a couple of days later by another revelation: the widget is automatically included on every 'parked domain' by Network Solutions! Searches on Google and Yahoo! revealed 500,000 and 5,000,000 domains affected and serving malware, respectively. A manual check of some 200 parked domains on the list showed that all of them were provided with the malware-serving widget." The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later.
  • Network Solutions (Score:5, Insightful)

    by ravenspear (756059) on Monday August 16, 2010 @05:56PM (#33268844)
    used to be the place to go for domains.

    Now they are completely redundant.
    • Re:Network Solutions (Score:5, Interesting)

      by sarysa (1089739) on Monday August 16, 2010 @06:16PM (#33269058)
      I'm not surprised by TFA, but I'm not in the know when it comes to which domain parkers are "legitimate" and which aren't. Regardless of their status, accidentally hitting a parked domain on a Windows box (i.e. my work PC) has been a bit of a gut-wrenching experience for a number of years now...
    • Network Solutions (Score:2, Redundant)
      by ravenspear (756059) on 08-16-10 14:56 (#33268844)
      used to be the place to go for domains.

      Now they are completely redundant.

      • by ls671 (1122017) *

        Maybe some moderator thought he could get his moderation modded funny...

        • Re: (Score:3, Funny)

          by drinkypoo (153816)

          He did. I like karma because it permits me to speak my mind (which more often than not costs me karma) but what I like more than karma is a discussion about something I find interesting. I would rather have comments than positive mods... but send more positive mods anyway ;)

    • used to be the place to go for domains.

      Now they are completely redundant.

      Actually, now they are ironically recursive.

      Their "Network Solutions" are serving malware, which is a "Network Problem" that then requires another "Network Solution"; this was overshadowed by another of their past "Network Problems" so that the current article about "Network Solutions" causing "Network Problems" was overlooked.

    • Re:Network Solutions (Score:4, Informative)

      by theskipper (461997) on Monday August 16, 2010 @08:27PM (#33270282)

      Used to be the place to go...until competition provided some choice back in the early '00s.

      Seriously, by any metric Network Solutions has always been the worst registrar to deal with. Price, customer service, etc., the stories are legendary.

      • "back in the early '00s."

        So - how do YOU pronounce that? Early oughts? Early oh's? Early two thousands? I remember my grandparents and grand uncles and aunts talking about their younger days. Just like the prelude to the Mr. Bojangles song, it was "Back in 'ought six, we were so poor . . . "

    • Network Solutions used to be the place to go for domains. Now they are completely redundant.

      I'd argue "irrelevant", not "redundant". If their prices were sane as they provided the same commoditized service, then they'd be redundant. In this day and age, the default parking provider should probably be someone like GoDaddy. If you have any content, stick with DreamHost or some dedicated colocation.

      I've been a happy DreamHost customer since 2006 (when I relinquished control of a dedicated service on a comm

  • by Abstrackt (609015) on Monday August 16, 2010 @05:59PM (#33268884)

    "The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later."

    Sucks that it happened, but at least they did something about it as soon as they found out.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      "The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later."

      Sucks that it happened, but at least they did something about it as soon as they found out.

      NOT surprised from these guys.
      They have a bad track record and continue to indulge in dirty practices like domain stealing.

    • by steveo777 (183629) on Monday August 16, 2010 @06:19PM (#33269088) Homepage Journal

      Can you imagine being the people who were responsible for the widget? Not that I like them, but they must be pretty proud that it worked for as long as it did...

  • Yet another reason to use the new RPZ in BIND [slashdot.org] to blacklist all parked pages. Not really what anyone was hoping for though.
  • by vlueboy (1799360) on Monday August 16, 2010 @06:00PM (#33268900)

    Sad that this malware problem is still not going to be enough to outlaw or reduce parked domains. Heck, Network Solutions doesn't even get a slap on the wrist for failing to check their modules.

    Also, governments hate spending money on laws to regulate the internet... how about we let the current de-facto rulers of the internet do it: Search engines and browsers should do even more to stop malware domains from ever appearing in results or being reachable?

    • by rotide (1015173) on Monday August 16, 2010 @06:11PM (#33269008)
      Once you start blocking "for the good of x" someone will come along and complain that "y" should be on that list too or yet another person will come along and claim that it is unfair that their site "x" was blocked. Staying neutral and allowing anything to be displayed as long as it is spider-able keeps them free of censoring/uncensoring and/or policing. Simply getting addons to your favorite browser and/or using a DNS that filters the way you like it are the best solutions.
      • by vlueboy (1799360)

        I respectfully disagree: Nobody is going to complain because
        1) Parked domains are useless to anyone other than a potential buyer, who has no rights to the site at all
        2) Addons are annoying to apply AND keep updated if you have more than one username on your PC, one operating system, and one browser.

        The "neutrality" stance has already been proven weak: Google already warns us about a few malware sites, and they're the number one internet site according to Netcraft for the US.

        • by vlueboy (1799360)

          they're the number one internet site according to Netcraft for the US.

          Oops... s/Netcraft/ALEXA [alexa.com]/

    • by Kalriath (849904)

      Since Google is in the business [google.com] of "Domain Parking", I don't see them being interested in your idea.

  • And presumably we should now see a step function reduction in malware issues. I wonder if we will.
  • by noc007 (633443) on Monday August 16, 2010 @06:05PM (#33268944)

    I thought this was a known fact that Network Solutions' parked pages served malware in one form or another. Back in July of last year I got some questions from an executive why the domain the company recently registered for was being blocked by the corporate web content filter. Turns out the Network Solutions parked page had an iframe that was serving malware from kolmic.com. I explained it and provided the parked page's HTML code with the offending code highlighted.

    Doing some Google searches showed that I wasn't the only one that had noticed this.

    • I had the same exact experience. The only issue was I had an exec that wasn't going to be pushed around by the IT guys. She ordered the filter relaxed. I only got my way when I told her I needed all such requests in writing as she was assuming the known risk I had just finished explaining to her.
  • by HangingChad (677530) on Monday August 16, 2010 @06:08PM (#33268972) Homepage

    I saw a couple of those ads, which was pretty funny to suddenly see a strange file tree on my Linux box. It was pretty scary. For a minute I thought my PC had been infected with Windows.

  • by Unordained (262962) <unordained_slash ... @pseudotheos.com> on Monday August 16, 2010 @06:09PM (#33268990) Homepage

    Is this analysis of r57shell [blogspot.com] still relevant?

  • by Anonymous Coward

    Apart from Internet Explorer and ActiveX, how the hell can a web page infect a computer via a Web browser?

    AFAIK Javascript can't write files to the OS, so how are they doing it?

    • Re: (Score:3, Interesting)

      by zonky (1153039)
      probably exploits via Flash, or a Windows image library.
    • by Culture20 (968837) on Monday August 16, 2010 @06:54PM (#33269426)

      Apart from Internet Explorer and ActiveX, how the hell can a web page infect a computer via a Web browser? AFAIK Javascript can't write files to the OS, so how are they doing it?

      You haven't seen any of the entries in mozilla's bugzilla DB with "arbitrary code execution"? http://www.mozilla.org/security/known-vulnerabilities/ [mozilla.org]
      Run any browser as an Admin-privileged user (as many-many ordinary home users do), and you're going to get owned at some point. Mis-type a URL, and you've suddenly hit a Network Solutions holding site. Or a Google-ad will get pre-fetched, or, or, or.
      Javascript can't write to a file, but Firefox can, and if it's made to run arbitrary code as a root/admin user, game over.

      • by bertok (226922)

        Indeed. There have even been vulnerabilities in the JPG and PNG image decoders!

        I wonder how practical it would be to write a fully functional browser entirely in a managed language like C# or Java.

        It's about time somebody tried!

      • by mrbcs (737902)
        A proper hosts file can help here. http://www.mvps.org/winhelp2002/hosts.htm/ [mvps.org]
      • by BitZtream (692029)

        Why do people keep saying 'admin privileged user' as if that's what it takes to be owned ...

        If you never login to your machine as more than a single user, root or not, and they exploit that user, you've been owned.

        You may be able to clean yourself with a simple rm -rf ~, but effectively they have all they need when they exploit any user account. It's a place to run code, steal user info and snoop around.

        Root isn't required or needed, it's far easier to exploit general user accounts than trying to infect an en

        • by Viol8 (599362)

          "running as an admin or not isn't going to prevent you from getting owned,"

          Yes it is. With root you can hide binaries and mod libraries, hack the kernel, install your own apps etc etc. Try doing that with a standard user account and see how long it takes to get spotted.

          "Javascript exploits of an unprivileged user can still install a key logger that will get your root password, it's not as quick, but it's just as effective and will probably happen within a few days of the initial exploit anyway."

          Key loggers do

  • by MTTECHYBOY (799778) on Monday August 16, 2010 @06:24PM (#33269156)
    Network Solutions = Malware...??? Nothing new here
  • Damn it (Score:5, Interesting)

    by trifish (826353) on Monday August 16, 2010 @07:09PM (#33269532)

    If I disregard the fact that this is an obvious Slashvertisment for some obscure thing called "HackAlert", let me tell you that I don't care WHICH or HOW MANY sites serve malware. There will always be sites serving malware, damn it!

    What I care about (and this was -- as usual -- NOT answered anywhere in TFA/Slashvertisments), are these questions:

    1. Does the served malware exploit a vulnerability for which no patch exists?
    2. If 1 is true, what browsers and operating systems are affected?

    If any kind soul knows and posts this information, you are bound to get some positive karma. Thanks.

  • Are there some honest and reliable domain name registrars out there? I'd like to register a domain, but I'm not sure where.
    • I use 1&1 [1and1.com]. Their prices are lower than the competition and I've received great customer service. I haven't caught them doing anything scummy, like GoDaddy has been caught doing (Ignoring ICANN rules [slashdot.org] and Requiring root passwords [slashdot.org]). There are many good registrars out there, and many scummy ones. I'd recommend looking around, and be aware that price isn't the only important thing.
      • by 16384 (21672)
        Thanks for the suggestion but a cursory check on 1&1 triggered my alarm bells... too many upsells, it's not clear what you'll pay after the first year and there are some warnings against it on webhostingtalk.com
    • I've been moving my stuff to dyndns.org, they're cheaper than my previous registrar (Register.com) and seem honest enough. I also use their Dynamic DNS services too, so it's handy.

      However, when you think about it, what defines a good/bad registrar? Network Solutions might not have policed their parked sites well, but it doesn't sound like they did it maliciously. They messed up, someone missed something... for a few months... or a year or more... yeah, pretty bad f'up... but I think that's more stupid tha

  • I found out a while back that if NS thinks your web dns is messed up, they divert your web page to a parking page without telling you. That is bad enough, but worse, the parking page they set up sends browsers to your competitors. If your business is selling auto-widgets, they do an automatic search, and provide alternative auto-widget vendors on the parking page. This is bad. You pay money to promote your business, and pay to promote your domain, and when potential clients get to your page, they get sent
  • How does one of the biggest domain providers end up being hacked, I understand if the website hosted on their domain was serving it up because of their own coding error, but a widget that they themselves created for their customers to provide content gets hacked, does not really leave me too impressed. Better start checking all regular domains being hosted with them, to see if I visit them or not....wonder if /. is one such customer?
