5 Million Domains Serving Malware Via Network Solutions
An anonymous reader writes "A compromised widget provided by Network Solutions was serving malware on otherwise legitimate websites. But, as bad as this discovery was, it was overshadowed a couple of days later by another revelation: the widget is automatically included on every 'parked domain' by Network Solutions! Searches on Google and Yahoo! revealed 500,000 and 5,000,000 domains affected and serving malware, respectively. A manual check of some 200 parked domains on the list showed that all of them were provided with the malware-serving widget."
The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later.
Network Solutions (Score:5, Insightful)
Now they are completely redundant.
Re:Network Solutions (Score:5, Interesting)
Re:Network Solutions (Score:4, Insightful)
Genius Moderation FTW (Score:3, Funny)
Network Solutions (Score:2, Redundant)
by ravenspear (756059) on 08-16-10 14:56 (#33268844)
used to be the place to go for domains.
Now they are completely redundant.
Re: (Score:2)
Maybe some moderator thought he could get his moderation modded funny...
Re: (Score:3, Funny)
He did. I like karma because it permits me to speak my mind (which more often than not costs me karma) but what I like more than karma is a discussion about something I find interesting. I would rather have comments than positive mods... but send more positive mods anyway ;)
Re: (Score:2)
used to be the place to go for domains.
Now they are completely redundant.
Actually, now they are ironically recursive.
Their "Network Solutions" are serving malware, which is a "Network Problem" that then requires another "Network Solution"; This was overshadowed by another of their past "Network Problems" so that the current article about "Network Solutions" causing "Network Problems" was overlooked.
Re:Network Solutions (Score:4, Informative)
Used to be the place to go...until competition provided some choice back in the early '00s.
Seriously, by any metric Network Solutions has always been the worst registrar to deal with. Price, customer service, etc., the stories are legendary.
Re: (Score:2)
Having dealt with CIRA, and Sibername Inc. (who is on the ICANN list you provided), I've had nothing but good results with them. Now admittedly, all of the domains I own/manage are .ca domains, but I have no reason to believe they'd be anything but good to deal with for any other TLD.
Re: (Score:2)
"back in the early '00s."
So - how do YOU pronounce that? Early oughts? Early oh's? Early two thousands? I remember my grandparents and grand uncles and aunts talking about their younger days. Just like the prelude to the Mr. Bojangles song, it was "Back in 'ought six, we were so poor . . . "
Re: (Score:1)
Re: (Score:2)
I'd argue "irrelevant", not "redundant". If their prices were sane as they provided the same commoditized service, then they'd be redundant. In this day and age, the default parking provider should probably be someone like GoDaddy. If you have any content, stick with DreamHost or some dedicated colocation.
I've been a happy DreamHost customer since 2006 (when I relinquished control of a dedicated service on a comm
At least they did the right thing (Score:5, Insightful)
"The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later."
Sucks that it happened, but at least they did something about it as soon as they found out.
Re: (Score:2, Interesting)
"The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later."
Sucks that it happened, but at least they did something about it as soon as they found out.
NOT surprised from these guys.
They have a bad track record and continue to indulge in dirty practices like domain stealing.
Re:At least they did the right thing (Score:5, Insightful)
Can you imagine being the people who were responsible for the widget? Not that I like them, but they must be pretty proud that it worked for as long as it did...
Malware = Response Policy? (Score:2, Interesting)
Shrugged off, but root cause needs regulation (Score:3, Insightful)
Sad that this malware problem is still not going to be enough to outlaw or reduce parked domains. Heck, Network Solutions doesn't even get a slap on the wrist for failing to check their modules.
Also, governments hate spending money on laws to regulate the internet... how about we let the current de-facto rulers of the internet do it: Search engines and browsers should do even more to stop malware domains from ever appearing in results or being reachable?
Re:Shrugged off, but root cause needs regulation (Score:5, Insightful)
Re: (Score:2)
I respectfully disagree: Nobody is going to complain because
1) Parked domains are useless to anyone other than a potential buyer, who has no rights to the site at all
2) Addons are annoying to apply AND keep updated if you have more than one username on your PC, one operating system, and one browser.
The "neutrality" stance has already been proven weak: Google already warns us about a few malware sites, and they're the number one internet site according to Netcraft for the US.
Re: (Score:2)
they're the number one internet site according to Netcraft for the US.
Oops... s/Netcraft/ALEXA [alexa.com]/
Re: (Score:2)
Since Google is in the business [google.com] of "Domain Parking", I don't see them being interested in your idea.
Sounds major (Score:2)
I thought this was well known (Score:5, Informative)
I thought this was a known fact that Network Solutions' parked pages served malware in one form or another. Back in July of last year I got some questions from an executive why the domain the company recently registered for was being blocked by the corporate web content filter. Turns out the Network Solutions parked page had an iframe that was serving malware from kolmic.com. I explained it and provided the parked page's HTML code with the offending code highlighted.
Doing some Google searches showed that I wasn't the only one that had noticed this.
Re: (Score:1)
I saw the ads (Score:5, Funny)
I saw a couple of those ads, which was pretty funny to suddenly see a strange file tree on my Linux box. It was pretty scary. For a minute I thought my PC had been infected with Windows.
Malware within malware? (Score:3, Interesting)
Is this analysis of r57shell [blogspot.com] still relevant?
Malware via browsers? (Score:1, Interesting)
Apart from Internet Explorer and ActiveX, how the hell can a web page infect a computer via a Web browser?
AFAIK Javascript can't write files to the OS, so how are they doing it?
Re: (Score:3, Interesting)
Re:Malware via browsers? (Score:5, Informative)
Apart from Internet Explorer and ActiveX, how the hell can a web page infect a computer via a Web browser? AFAIK Javascript can't write files to the OS, so how are they doing it?
You haven't seen any of the entries in mozilla's bugzilla DB with "arbitrary code execution"? http://www.mozilla.org/security/known-vulnerabilities/ [mozilla.org]
Run any browser as an Admin-privileged user (as many-many ordinary home users do), and you're going to get owned at some point. Mis-type a URL, and you've suddenly hit a Network Solutions holding site. Or a Google-ad will get pre-fetched, or, or, or.
Javascript can't write to a file, but Firefox can, and if it's made to run arbitrary code as a root/admin user, game over.
Re: (Score:2)
1. Only nerds read or even know what a "bugzilla DB" is.
2. Not everyone wants to mess with the whole administrator vs user accounts thing.
3. Not everyone uses that crappy browser known as Firefox.
I'll give you 1 and 2 (as reasons why people don't know better), but 3 is irrelevant. Every browser has had problems like these, even lynx. Ever heard of Safari? I hear mobile Safari had a pdf exploit recently.
Re: (Score:2)
Indeed. There have even been vulnerabilities in the JPG and PNG image decoders!
I wonder how practical it would be to write a fully functional browser entirely in a managed language like C# or Java.
It's about time somebody tried!
Re: (Score:2)
Re: (Score:2)
Why do people keep saying 'admin privileged user' as if that's what it takes to be owned ...
If you never login to your machine as more than a single user, root or not, and they exploit that user, you've been owned.
You may be able to clean yourself with a simple rm -rf ~, but effectively they have all they need when they exploit any user account. It's a place to run code, steal user info and snoop around.
Root isn't required or needed, it's far easier to exploit general user accounts than trying to infect an en
Re: (Score:2)
"running as an admin or not isn't going to prevent you from getting owned,"
Yes it is. With root you can hide binaries and mod libraries, hack the kernel, install your own apps etc etc. Try doing that with a standard user account and see how long it takes to get spotted.
"Javascript exploits of an unprivileged user can still install a key logger that will get your root password, it's not as quick, but it's just as effective and will probably happen within a few days of the initial exploit anyway."
Key loggers do
NetSol and Malware (Score:3, Funny)
Re: (Score:2, Insightful)
Why pay $30 when Adblock is free?
https://addons.mozilla.org/en-US/firefox/addon/1865/ [mozilla.org]
Re: (Score:1)
I'd mod this up if I could, I run AdBlock Plus and NoScript and they do everything mentioned above, but a lot cheaper. I don't fear accidentally landing on a "parked" website, as I know any malware/scripts on it won't get a chance to run.
And if I'm running Firefox, and it does what I need it to... why would I need to worry about "the other programs" on my computer? In fact, why would I want any 3rd party software doing anything to my other programs? Will it stop me from wgetting malware by accident? :P
Damn it (Score:5, Interesting)
If I disregard the fact that this is an obvious Slashvertisment for some obscure thing called "HackAlert", let me tell you that I don't care WHICH or HOW MANY sites serve malware. There will always be sites serving malware, damn it!
What I care about (and this was -- as usual -- NOT answered anywhere in TFA/Slashvertisments), are these questions:
1. Does the served malware exploit a vulnerability for which no patch exists?
2. If 1 is true, what browsers and operating systems are affected?
If any kind soul knows and posts this information, you are bound to get some positive karma. Thanks.
Re:Damn it (Score:4, Informative)
Reading the Armorize blog, it sounds like this isn't just a tracking cookie dropper. They are showing a shell, a file editor, and a sql query runner. Also, they claim it reproduces itself which to my mind puts it into a narrower category of "malware" (the V-word).
Re: (Score:2)
Brian Krebs has a better writeup:
http://krebsonsecurity.com/2010/08/networksolutions-sites-hacked-by-wicked-widget/ [krebsonsecurity.com]
Essentially, the malware delivered a popup that looks like a screen from a popular Chinese chat program. I believe it pretends to be an update. So, this is just a trojan. No vulnerability was used, well, other than the one sitting in the chair.
Honest domain name registrar? (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
I've been moving my stuff to dyndns.org, they're cheaper than my previous registrar (Register.com) and seem honest enough. I also use their Dynamic DNS services too, so it's handy.
However, when you think about it, what defines a good/bad registrar? Network Solutions might not have policed their parked sites well, but it doesn't sound like they did it maliciously. They messed up, someone missed something... for a few months... or a year or more... yeah, pretty bad f'up... but I think that's more stupid tha
Network Solutions Parking Bullsh*t (Score:2)
That's nice.... (Score:1)
How does one of the biggest domain providers end up being hacked? I understand if the website hosted on their domain was serving it up because of their own coding error, but a widget that they themselves created for their customers to provide content gets hacked, does not really leave me too impressed. Better start checking all regular domains being hosted with them, to see if I visit them or not....wonder if /. is one such customer?