Infected Widget Compromises Parked Domains

Aug 16th, 2010 | By technologynews | Category: Technology

Researchers at Armorize Technologies reported that as many as five million parked domains belonging to customers of Network Solutions fell victim to an infected widget and were serving up a side order of malware.

Armorize has notified Network Solutions, which told eWEEK it is investigating the situation and cant confirm how many domains may have been affected. According to Armorize however, the now-disabled widget had been installed on at least 500,000 parked domains, and possibly five million.

Parked domains are domains that have been registered but have no owner-provided content. According to Armorize CTO Wayne Huang, many of his companys customers were found to be serving malware the company linked to the Small Business Success Index widget by Network Solutions.

“[The widget] was hacked, as proved by the webshell that Google caches,” Huang told eWEEK. “The attacker had full control.”

Google listed more than 500,000 results when keywords for parked domains are used, while Yahoo search lists some five million.

The widget launched a drive-by attack against users running Internet Explorer, Google Chrome, Firefox and Opera. The malware modifies the registry, monitors for the browsers, redirects search engine users and generates pop up advertisements depending on whether certain search terms are entered. It also renames itself to a list of popular software programs and calls out to a control URLs for further instructions.

According to Network Solutions, the widget was used to provide small business tips on pages that were under construction.

We have removed the widget from those pages and continue to check and monitor to ensure securityIf you have downloaded the GrowSmartBusiness widget to your website, we recommend you delete that widget and scan your site for malware, the company said in an alert.

Full Text RSS Feeds | WordPress Auto Translator

Tags: , , , , , , , , , , , , , , , , , ,

Comments are closed.