Slashdot Mirror


5 Million Domains Serving Malware Via Network Solutions

An anonymous reader writes "A compromised widget provided by Network Solutions was serving malware on otherwise legitimate websites. But, as bad as this discovery was, it was overshadowed a couple of days later by another revelation: the widget is automatically included on every 'parked domain' by Network Solutions! Searches on Google and Yahoo! revealed 500,000 and 5,000,000 domains affected and serving malware, respectively. A manual check of some 200 parked domains on the list showed that all of them were provided with the malware-serving widget." The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later.


  1. Network Solutions by ravenspear · · Score: 5, Insightful

    used to be the place to go for domains.

    Now they are completely redundant.

    1. Re:Network Solutions by sarysa · · Score: 5, Interesting

      I'm not surprised by TFA, but I'm not in the know when it comes to which domain parkers are "legitimate" and which aren't. Regardless of their status, accidentally hitting a parked domain on a Windows box (i.e. my work PC) has been a bit of a gut-wrenching experience for a number of years now...

      --
      Charisma is the measure of someone's ability to lie with a straight face.
    2. Re:Network Solutions by SpaceLifeForm · · Score: 3, Insightful

      Sure, and you have just provided evidence that you did not RTFA.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    3. Re:Network Solutions by theskipper · · Score: 3, Informative

      Used to be the place to go...until competition provided some choice back in the early '00s.

      Seriously, by any metric Network Solutions has always been the worst registrar to deal with. Price, customer service, etc., the stories are legendary.

  2. At least they did the right thing by Abstrackt · · Score: 4, Insightful

    "The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later."

    Sucks that it happened, but at least they did something about it as soon as they found out.

    --
    They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
    1. Re:At least they did the right thing by Anonymous Coward · · Score: 2, Interesting

      "The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later."

      Sucks that it happened, but at least they did something about it as soon as they found out.

      NOT surprised from these guys.
      They have a bad track record and continue to indulge in dirty practices like domain stealing.

    2. Re:At least they did the right thing by steveo777 · · Score: 4, Insightful

      Can you imagine being the people who were responsible for the widget? Not that I like them, but they must be pretty proud that it worked for as long as it did...

      --
      This sig isn't original enough, it's time to come up with something witty...
  3. Malware = Response Policy? by alphatel · · Score: 2, Interesting

    Yet another reason to use the new RPZ in BIND to blacklist all parked pages. Not really what anyone was hoping for though.

    --
    When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
  4. Shrugged off, but root cause needs regulation by vlueboy · · Score: 2, Insightful

    Sad that this malware problem is still not going to be enough to outlaw or reduce parked domains. Heck, Network Solutions doesn't even get a slap on the wrist for failing to check their modules.

    Also, governments hate spending money on laws to regulate the internet... how about we let the current de-facto rulers of the internet do it: Search engines and browsers should do even more to stop malware domains from ever appearing in results or being reachable?

    1. Re:Shrugged off, but root cause needs regulation by rotide · · Score: 5, Insightful

      Once you start blocking "for the good of x" someone will come along and complain that "y" should be on that list too or yet another person will come along and claim that it is unfair that their site "x" was blocked. Staying neutral and allowing anything to be displayed as long as it is spider-able keeps them free of censoring/uncensoring and/or policing. Simply getting addons to your favorite browser and/or using a DNS that filters the way you like it are the best solutions.

  5. I thought this was well known by noc007 · · Score: 4, Informative

    I thought it was a known fact that Network Solutions' parked pages served malware in one form or another. Back in July of last year I got some questions from an executive about why the domain the company recently registered was being blocked by the corporate web content filter. Turns out the Network Solutions parked page had an iframe that was serving malware from kolmic.com. I explained it and provided the parked page's HTML code with the offending code highlighted.

    Doing some Google searches showed that I wasn't the only one that had noticed this.

  6. I saw the ads by HangingChad · · Score: 5, Funny

    I saw a couple of those ads, which was pretty funny to suddenly see a strange file tree on my Linux box. It was pretty scary. For a minute I thought my PC had been infected with Windows.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  7. Malware within malware? by Unordained · · Score: 2, Interesting

    Is this analysis of r57shell still relevant?

  8. Genius Moderation FTW by drinkypoo · · Score: 3, Funny

    Network Solutions (Score:2, Redundant)
    by ravenspear (756059) on 08-16-10 14:56 (#33268844)
    used to be the place to go for domains.

    Now they are completely redundant.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Genius Moderation FTW by drinkypoo · · Score: 2, Funny

      He did. I like karma because it permits me to speak my mind (which more often than not costs me karma) but what I like more than karma is a discussion about something I find interesting. I would rather have comments than positive mods... but send more positive mods anyway ;)

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. NetSol and Malware by MTTECHYBOY · · Score: 3, Funny

    Network Solutions = Malware...??? Nothing new here

  10. Re:Malware via browsers? by zonky · · Score: 2, Interesting

    Probably exploits via Flash, or a Windows image library.

  11. Re:Malware via browsers? by Culture20 · · Score: 4, Informative

    Apart from Internet Explorer and ActiveX, how the hell can a web page infect a computer via a Web browser? AFAIK Javascript can't write files to the OS, so how are they doing it?

    You haven't seen any of the entries in Mozilla's Bugzilla DB with "arbitrary code execution"? http://www.mozilla.org/security/known-vulnerabilities/
    Run any browser as an Admin-privileged user (as many, many ordinary home users do), and you're going to get owned at some point. Mis-type a URL, and you've suddenly hit a Network Solutions holding site. Or a Google ad will get pre-fetched, or, or, or.
    JavaScript can't write to a file, but Firefox can, and if it's made to run arbitrary code as a root/admin user, game over.

  12. Damn it by trifish · · Score: 4, Interesting

    If I disregard the fact that this is an obvious Slashvertisement for some obscure thing called "HackAlert", let me tell you that I don't care WHICH or HOW MANY sites serve malware. There will always be sites serving malware, damn it!

    What I care about (and this was -- as usual -- NOT answered anywhere in TFA/Slashvertisements) are these questions:

    1. Does the served malware exploit a vulnerability for which no patch exists?
    2. If 1 is true, what browsers and operating systems are affected?

    If any kind soul knows and posts this information, you are bound to get some positive karma. Thanks.

    1. Re:Damn it by fishbowl · · Score: 4, Informative

      Reading the Armorize blog, it sounds like this isn't just a tracking cookie dropper. They are showing a shell, a file editor, and a SQL query runner. Also, they claim it reproduces itself, which to my mind puts it into a narrower category of "malware" (the V-word).

      --
      -fb Everything not expressly forbidden is now mandatory.
  13. Re:Ad Muncher would have protected everyone. by Anonymous Coward · · Score: 2, Insightful

    Why pay $30 when Adblock is free?

    https://addons.mozilla.org/en-US/firefox/addon/1865/