For the second time in as many weeks, Internet hosting provider Network Solutions is trying to limit the damage from a hacking incident that has left many customer Web sites serving up malicious code.
In a post to its blog on Sunday titled We Feel Your Pain and We are Working Hard to Fix This, Network Solutions spokesman Shashi Bellamkonda apologized for the incident.
“We have received reports that Network Solutions customers are seeing malicious code added to their websites and we are really sorry for this experience,” Bellamkonda wrote. “At this time since anything we say in public may help the perpetrators, we are unable to provide details.”
Reached by telephone Monday, company spokeswoman Susan Wade declined to offer much more detail about the incident, such as how many customers may have been impacted and whether Network Solutions had uncovered the cause.
“It’s not impacting the entire hosting platform, but a subset of customers,” Wade said. “We’re trying to be very careful of what we say publicly right now. We want to make sure we have our facts straight and that we understand the scope of the problem. We’re putting countermeasures in place, but we’re not quite ready to come out and talk about them just yet.”
Unlike last week’s bout of customer site compromises, which seemed to impact mainly WordPress blogs, security experts have been hard-pressed to find a commonality among the victim sites, other than the malicious sites they are linking to.
“Note that this time we are seeing all kind of sites hacked, from WordPress, Joomla to just simple HTML sites,” wrote David Dede, a Brazilian security blogger who helped to raise the alarm over last week’s Network Solutions infections.
The StopMalvertising blog includes a host of information about the malicious scripts inserted into the hacked sites, indicating that the injected code redirects the visitor’s browser to Web pages that silently try to install malicious software using a variety of known vulnerabilities in popular Web browser plugins — such as Adobe PDF Reader — as well as insecure ActiveX (Internet Explorer) components.
You wrote: “Unlike last week’s bout of customer site compromises, which seemed to impact mainly WordPress blogs, security experts have been hard-pressed to find a commonality among the victim sites, other than the malicious sites they are linking to.”
Network Solutions addressed the cause of last week’s issues and took responsibility here: http://blog.networksolutions.com/2010/wordpress-is-not-the-issue/
You can also read the official WordPress.org blog for more: http://wordpress.org/development/2010/04/file-permissions/
Owning the issue and taking responsibility should involve divulging information on what happened. Maybe they have, and I have just not seen it…
From the WordPress release, sounds like they were able to do some directory traversals of other user’s folders in Network Solution’s shared hosting environment.
Not sure if it is a result, but I have been receiving 4 and 5 digit levels of spam daily for the last 3-4 days. Double checked my websites, no malicious code. Scanned computers a couple of times, no problems.
Most of the spam is viagra based, so it is filtered easy. On a larger scale, this would be a massive spam run.
+ 1 Agreed on the recent glut of viagra spam.
Also +1. We are seeing a surge of the same viagra spam messages as well. Easily caught. Looked like whoever the spammer was hadn’t a clue as to what they were doing.
That recent spam glut may be related to some gmail issues. There was a recent viagra spam to a subscriber-only mailing list I get, from a gmail user account, and this link emerged in the discussion:
http://www.google.com/support/forum/p/gmail/thread?tid=77127463d8f40cb6&hl=en
Seems gmail has some undisclosed issue(s) too…
Wow, looks like a bunch of gmail accounts and their passwords were stolen and posted online! See the thread at this link:
http://www.google.com/support/forum/p/gmail/thread?tid=196ae662528000f2&hl=en
Question is: how was this done? Related to cyberattacks on Google last Dec/Jan?
http://www.nytimes.com/2010/04/20/technology/20google.html
I think Network Solutions email servers are under attach now. I haven’t had an email come through for 4 hours and I know people are sending them to me. When I call the support line they have a message indicating the servers are receiving heavy traffic. Our company website was hacked twice in the last two weeks and now the email system isn’t working. Time to look for a new provider for both services. This is ridiculous.
The attacks have continued through this morning (Mar 22nd). Our site hosted by Network Solutions got hacked on the 19th, cleaned on the 20th. Last night it got hacked again and of this morning the hackers were were still modifying files. Sometimes within a minute of uploading a good copy, the hacker’s program would add the malicious content back in. This is a plain HTML site.
I was not receiving mail today and discovered that someone had hacked my Nework Solutions account settings and set-up my account to autoforward all mail to a yahoo address in the u.k. If you are not receiving mail. Check these settings.
email from network solutions has not worked for two days now. Are they again under attack?