Up to five million parked domains served malware widget

By

Malware monitors user's browsing.

As many as five million parked domains belonging to customers of Network Solutions were actively serving malware to visitors due to an infected widget, according to researchers at a security firm.

Parked domains refer to sites that have been registered but do not contain any content.

Researchers at Armorize are still analysing the infection and have notified Network Solutions, a web hosting provider.

The now-disabled widget attempted to serve malware to visitors of parked Network Solutions pages via drive-by-download, Wayne Huang, co-founder and CTO of Armorize, told SCMagazineUS.com.

The malware is customised to monitor a user's web browsing. It pops up ads when a user searches for certain popular terms, and attempts to duplicate itself into peer-to-peer directories on a user's computer under popular download names.

The infected widget, which was intended to provide small business tips about Network Solutions sites that were under construction, was served to domains by default when an account holder chose to park their site using Network Solutions' standard "under construction" page.

Based on Google and Yahoo searches, researchers determined that the infected widget had been installed on anywhere from 500,000 to five million parked domains, Huang said.

Armorize researchers discovered the mass infection last week while responding to a question by one of the company's largest customers.

Network Solutions' security team was notified about the infected widget over the weekend and disabled it within three hours, Armorize researchers said in a blog post.

“We have removed the widget from those pages and continue to check and monitor to ensure security,” Network Solutions wrote in its own blog post.

The company, however, contested the number of affected web pages.

The widget was also available on Network Solutions' small business blog, growsmartbusiness.com, or could have been installed via a script offered by widget syndication site Widgetbox. Network Solutions recommended users who have downloaded the widget to their sites to delete it and scan the site for malware.

See original article on scmagazineus.com

Up to five million parked domains served malware widget
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
domainsfivemalwaremillionsecuritytoupwidget

Sponsored Whitepapers

Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?