Network Solutions sites hacked again
Newest wave infects hosted sites, sends users to Ukrainian attack server
Computerworld - A week after Web hosting company Network Solutions LLC dealt with a large-scale infection of WordPress-driven blogs, the company acknowledged that other sites it hosts have been compromised.
"We have received reports that Network Solutions customers are seeing malicious code added to their websites, and we are really sorry for this experience," said company spokesman Shashi Bellamkonda in a Sunday blog post. "At this time, since anything we say in public may help the perpetrators, we are unable to provide details."
On Monday, another Network Solutions spokesperson declined to get more specific or answer questions, including queries about what moves the company was making and how many sites had been affected. "At this time, we believe this is affecting a subset of our hosting customers," said Susan Wade, director of corporate communications at Network Solutions. "For now, it's difficult to make a conclusive statement or provide more details publicly."
According to the StopMalvertising blog, the attacks planted a rogue IFRAME on the hacked sites to shunt users to the attack server. That server then launches multiple exploits, including an attack kit of ActiveX exploits and three more that take advantage of Adobe Reader vulnerabilities, against visiting PCs.
Several browsers, including Microsoft's Internet Explorer 8, Google's Chrome and Mozilla's Firefox, display warnings when users are redirected to the attack site. "This web page ... has been reported as an attack page and has been blocked based on your security preferences," Firefox reports in its warning.
Network Solutions had characterized the earlier attacks targeting WordPress-crafted blogs as a file permissions issue, and it initially seemed to blame users' weak passwords for the attacks. Although the company never disclosed how the blogs were hacked, it said it had addressed what it called the "root cause" by April 11.
Yesterday, Bellamkonda hinted that the newest attacks were conducted differently than those against WordPress blogs hosted by his company. "It may not be accurate to categorize this as a single issue such as 'file permissions,'" he said. He also said that passwords were "not related to this issue."
Network Solutions declined to say today whether it had figured out how the second wave of attacks was carried out. "Our teams continue to work around the clock to combat this threat to us and our customers. We are also continuing to actively investigate the issue," said Wade.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts