Posts Tagged: david dede


19
Apr 10

Network Solutions Again Under Siege

For the second time in as many weeks, Internet hosting provider Network Solutions is trying to limit the damage from a hacking incident that has left many customer Web sites serving up malicious code.

In a post to its blog on Sunday titled We Feel Your Pain and We are Working Hard to Fix This, Network Solutions spokesman Shashi Bellamkonda apologized for the incident.

“We have received reports that Network Solutions customers are seeing malicious code added to their websites and we are really sorry for this experience,” Bellamkonda wrote. “At this time since anything we say in public may help the perpetrators, we are unable to provide details.”

Reached by telephone Monday, company spokeswoman Susan Wade declined to offer much more detail about the incident, such as how many customers may have been impacted and whether Network Solutions had uncovered the cause.

“It’s not impacting the entire hosting platform, but a subset of customers,” Wade said. “We’re trying to be very careful of what we say publicly right now. We want to make sure we have our facts straight and that we understand the scope of the problem. We’re putting countermeasures in place, but we’re not quite ready to come out and talk about them just yet.”

Unlike last week’s bout of customer site compromises, which seemed to impact mainly WordPress blogs, security experts have been hard-pressed to find a commonality among the victim sites, other than the malicious sites they are linking to.

“Note that this time we are seeing all kind of sites hacked, from WordPress, Joomla to just simple HTML sites,” wrote David Dede, a Brazilian security blogger who helped to raise the alarm over last week’s Network Solutions infections.

The StopMalvertising blog includes a host of information about the malicious scripts inserted into the hacked sites, indicating that the injected code redirects the visitor’s browser to Web pages that silently try to install malicious software using a variety of known vulnerabilities in popular Web browser plugins — such as Adobe PDF Reader — as well as insecure ActiveX (Internet Explorer) components.


9
Apr 10

Hundreds of WordPress Blogs Hit by ‘Networkads.net’ Hack

A large number of bloggers using WordPress are reporting that their sites recently were hacked and are redirecting visitors to a page that tries to install malicious software.

According to multiple postings on the WordPress user forum and other blogs, the attack doesn’t modify or create files, but rather appears to inject a Web address — “networkads.net/grep” — directly into the target site’s database, so that any attempts to access the hacked site redirects the visitor to networkads.net. Worse yet, because of the way the attack is carried out, victim site owners are at least temporarily locked out of accessing their blogs from the WordPress interface.

It’s not clear yet whether the point of compromise is a WordPress vulnerability (users of the latest, patched version appear to be most affected), a malicious WordPress plugin, or if a common service provider may be the culprit. However, nearly every site owner affected so far reports that Network Solutions is their current Web hosting provider.

Network Solutions spokeswoman Susan Wade said the company is investigating the attacks, and that the company believes the problem may be related to a rogue WordPress plugin. Wade added that the attacks weren’t limited to just Network Solutions customers (although the company hasn’t supplied the author with any evidence to support that claim yet).

Continue reading →