Up to 5 million domains -- not just web pages -- were infected by a
malware-spewing widget, according to security experts at web
application security vendor Armorize Technologies.
On Thursday, Armorize said that it had been receiving urgent client
inquiries -- including one from its largest customer -- asking why
their web pages were being flagged by Armorize's hack-alert service
as generating malware.
Armorize traced the malware back to the "Small Business Success
Index" widget offered by Network Solutions on its GrowSmartBusiness
website. The widget was also available via Widgetbox, a
widget-hosting website.
"We verified that the domain growsmallbusiness.com was definitely
compromised and injected with a r57shell (webshell), which allowed
the attacker easy manipulation of the site," according to a blog
post from Wayne Huang, president and chief technology officer of
Armorize, and his colleagues.
Both Network Solutions and Widgetbox have since removed the widget
or taken the relevant sites offline. Before that, the widget had
been installed more than 5,300 times from Widgetbox alone.
On Saturday, however, after studying the widget further, Huang said
he discovered that the malicious widget wasn't confined to those
two websites, but somehow was also "part of the standard domain
parking page of Network Solutions."
How many affected domains were out there? A Google search returns
at least 500,000 instances of parked Network Solutions domain
pages, while Yahoo says there are 5 million.
On Monday, Network Solutions pulled the plug on the malicious
widget, said Susan Wade, the company's director of public
relations. "The widget link that appeared on the parked page master
template has been removed, therefore the widget no longer appears
on any Network Solutions' parked page."
In a statement released Monday, the company also disputed the
number of domains affected. "The number of impacted pages that have
been reported publicly over the weekend are not accurate. We're still
investigating the number of web pages affected." The company said
it would release an update on its investigation on Tuesday.
Meanwhile, for anyone who added the GrowSmartBusiness widget to a
website, "we recommend you delete that widget and scan your site
for malware," said Network Solutions.