Network Solutions sites hacked again

Newest wave infects hosted sites, sends users to Ukrainian attack server

A week after Web hosting company Network Solutions dealt with a large-scale infection of WordPress-driven blogs, the company acknowledged that other sites it hosts have been compromised.

"We have received reports that Network Solutions customers are seeing malicious code added to their websites and we are really sorry for this experience," said company spokesman Shashi Bellamkonda in a Sunday blog post . "At this time, since anything we say in public may help the perpetrators, we are unable to provide details."

On Monday, another Network Solutions spokesperson declined to get more specific or answer questions, including what moves the company was making and how many sites had been affected. "At this time, we believe this is affecting a subset of our hosting customers," said Susan Wade, the director of Network Solutions' corporate communications. "For now, it's difficult to make a conclusive statement or provide more details publicly."

Yesterday, Securi Security Labs said at least 50 sites hosted by Networks Solutions had been hacked, and that malicious JavaScript injected into those sites was redirecting unsuspecting users to a Ukrainian attack server. The same server was involved in the earlier attacks against Network Solutions-hosted blogs.

According to the StopMalvertising blog , the attacks planted a rogue IFRAME on the hacked sites to shunt users to the attack server. That server then launches multiple exploits, including an attack kit of ActiveX exploits and three more leveraging Adobe Reader vulnerabilities, against visiting PCs.

Several browsers , including Microsoft's Internet Explorer 8 (IE8), Google's Chrome and Mozilla's Firefox, display warnings when users are redirected to the attack site. "This web page ... has been reported as an attack page and has been blocked based on your security preferences," Firefox reports in its warning.

Network Solutions had characterized the earlier attacks targeting WordPress-crafted blogs as a file permissions issue, and initially seemed to blame users' weak passwords for the attacks. Although the company never disclosed how the blogs were hacked, it said it had addressed what it called the "root cause" by April 11.

Yesterday, Bellamkonda hinted that the newest attacks were conducted differently than those against WordPress blogs hosted by his company. "It may not be accurate to categorize this as a single issue such as 'file permissions,'" he said. He also said that passwords were "not related to this issue."

Network Solutions declined to say today whether it had figured out how the second wave of attacks was carried out. "Our teams continue to work around the clock to combat this threat to us and our customers. We are also continuing to actively investigate the issue," said Wade.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security in Computerworld's Security Knowledge Center.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Network Solutionssecurityhacking

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?