Thousands of websites hosted at Network Solutions have been compromised and had their index pages injected with a malicious IFrame. This appears to be a reiteration of an attack that took place over a week ago, but targeted only WordPress-powered blogs.
David Dede, a researcher with the company.
The /grep/ ending URL looks consistent with the ones used during the dirty attack that recently crippled
hundreds of WordPress blogs hosted at Network Solutions. However, according to
the stopmalvertising.com outfit, the new attack affects all kinds of websites, including those built using the Joomla! content management solution, or plain HTML ones.
The malicious code seems to be injected in all index.* or default.* pages, regardless of the scripting language found in those files. Visitors landing on any of the compromised websites will be taken through a series of redirects before being hit with exploits for unpatched Adobe Reader and Internet Explorer versions.
Network Solutions has acknowledged the new series of compromises and is working to resolve the problem. "We have identified the issue and are currently in the process of deploying updates to address. Our teams are proactively cleaning any malicious code from affected files," wrote
Shashi Bellamkonda, head of social media strategy at Network Solutions, on the company's blog. He also noted that the hosting provider would refrain from making any technical details public, to avoid inadvertently helping the attackers.