Network Solutions versus the wily widget

Internet services firm Network Solutions has been having a bad year security-wise.

In January, hundreds of customer Web sites were defaced by anti-Israeli vandals, who exploited a file inclusion vulnerability in the company’s Unix servers to replace customers’ home pages. In April, a mass hack infected a number of WordPress blogs hosted by Network Solutions with malware. A week later, a similar attack added malicious code to hundreds of other sites. Network Solutions told customers: “We feel your pain.”

Now, the company is feeling that pain again. Security firm Armorize found that Network Solutions’ Web 2.0 survey app, known as the Small Business Success Index, compromises Web sites with malicious code when administrators install the widget. In addition, thousands — perhaps millions — of parked domains had the widget installed by default. Armorize estimated from search results that up to 5 million sites may have hosted the widget.

“We figured out that this widget is included in all of Network Solutions’ default parking pages,” states Wayne Huang, co-founder and chief technology officer of Armorize.

Network Solutions confirms that rogue code invaded its widget and says it pulled down its Grow Smart Business site, which hosted the code. However, the company has taken issue with the breadth of the attack. “The number of impacted pages that have reported publicly over the weekend are not accurate,” the company said in a statement. “We’re still investigating the number of web pages affected.”

The looming question in the case: How did the rogue code get into the company’s widget in the first place? But Network Solutions is not talking.

Conceivably it could be a rogue developer. Security firm Fortify Software recently released a ruleset to detect malicious code inserted by developers. On the other hand, worms and viruses that target development environments and infect programs with malicious code are not unheard of. A year ago, for example, Win32.Induc spread among Delphi environments and infected developers’ configuration files.

Whether it’s a nefarious coder or an infected IDE, Network Solutions has a serious security problem. And it needs to be fixed before more customers fall victim to malware or mischief.

This story, “Network Solutions versus the wily widget,” was originally published at InfoWorld.com.

Details :
Submitted at Wednesday, August 18th, 2010 at 3:00 am on News by madison