Websites Hosted at Network Solutions Targeted in Mass Injection Attack

For a second time in two weeks

By on April 21st, 2010 14:37 GMT
Thousands of websites hosted at Network Solutions have been compromised and had their index pages injected with a malicious IFrame. This appears to be a reiteration of an attack that took place over a week ago, but targeted only WordPress-powered blogs.

The new mass injection attack has been reported by Sucuri Security Labs, a provider of web integrity monitoring services, which noticed the malicious JavaScript via its scanner. "Just today we were notified of more than 50 sites hacked with the following malware javascript […] If we decode this javascript, we see that it is injecting this iframe from http://corpadsinc.com/grep/ [do not visit]," explained David Dede, a researcher with the company.

The /grep/ ending URL looks consistent with the ones used during the dirty attack that recently crippled hundreds of WordPress blogs hosted at Network Solutions. However, according to the stopmalvertising.com outfit, the new attack affects all kinds of websites, including those built using the Joomla! content management solution, or plain HTML ones.

The malicious code seems to be injected in all index.* or default.* pages, regardless of the scripting language found in those files. Visitors landing on any of the compromised websites will be taken through a series of redirects before being hit with exploits for unpatched Adobe Reader and Internet Explorer versions.

Network Solutions has acknowledged the new series of compromises and is working to resolve the problem. "We have identified the issue and are currently in the process of deploying updates to address. Our teams are proactively cleaning any malicious code from affected files," wrote Shashi Bellamkonda, head of social media strategy at Network Solutions, on the company's blog. He also noted that the hosting provider would refrain from making any technical details public, to avoid inadvertently helping the attackers.

Comments