Slashdot Mirror
5 Million Domains Serving Malware Via Network Solutions
An anonymous reader writes "A compromised widget provided by Network Solutions was serving malware on otherwise legitimate websites. But, as bad as this discovery was, it was overshadowed a couple of days later by another revelation: the widget is automatically included on every 'parked domain' by Network Solutions! Searches on Google and Yahoo! revealed 500,000 and 5,000,000 domains affected and serving malware, respectively. A manual check of some 200 parked domains on the list showed that all of them were provided with the malware-serving widget."
The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later.
used to be the place to go for domains.
Now they are completely redundant.
"The researchers who uncovered this issue alerted Network Solutions, and the widget was taken down a few hours later."
Sucks that it happened, but at least they did something about it as soon as they found out.
They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
I thought this was a known fact Network Solutions' parked pages served malware in one form or another. Back in July of last year I got some questions from an executive why the domain the company recently registered for was being blocked by the corporate web content filter. Turns out the Network Solutions parked page had an iframe that was serving malware from kolmic.com. I explained it and provided the parked page's html code with the offending code highlighted.
Doing some Google searches showed that I wasn't the only one that had noticed this.
I saw a couple of those ads, which was pretty funny to suddenly see a strange file tree on my Linux box. It was pretty scary. For a minute I thought my PC had been infected with Windows.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Once you start blocking "for the good of x" someone will come along and complain that "y" should be on that list too or yet another person will come along and claim that it is unfair that their site "x" was blocked. Staying neutral and allowing anything to be displayed as long as it is spider-able keeps them free of censoring/uncensoring and/or policing. Simply getting addons to your favorite browser and/or using a DNS that filters the way you like it are the best solutions.
Network Solutions (Score:2, Redundant)
by ravenspear (756059) on 08-16-10 14:56 (#33268844)
used to be the place to go for domains.
Now they are completely redundant.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Network Solutions = Malware...??? Nothing new here
Apart from Internet Explorer and ActiveX, how the hell can a web page infect a computer via a Web browser? AFAIK Javascript can't write files to the OS, so how are they doing it?
You haven't seen any of the entries in mozilla's bugzilla DB with "arbitrary code execution"? http://www.mozilla.org/security/known-vulnerabilities/
Run any browser as an Admin-priviledged user (as many-many ordinary home users do), and you're going to get owned at some point. Mis-type a URL, and you've suddenly hit a Network Solutions holding site. Or a Google-ad will get pre-fetched, or, or, or.
Javascript can't write to a file, but firefox can, and if it's made to run arbitrary code as a root/admin user, game over.
If I disregard the fact that this is an obvious Slashvertisment for some obscure thing called "HackAlert", let me tell you that I don't care WHICH or HOW MANY sites serve malware. There will always be sites serving malware, damn it!
What I care about (and this was -- as usual -- NOT answered anywhere in TFA/Slashvertisments), are these questions:
1. Does the served malware exploit a vulnerability for which no patch exists?
2. If 1 is true, what browsers and operating systems are affected?
If any kind soul knows and posts this information, you are bound to get some positive karma. Thanks.