Over 9000 domains infected with spyware

Firewalls, routers, servers, switches, SANs, PBXes, security and related topics
Locked
User avatar
Red Squirrel
Posts: 29209
Joined: Wed Dec 18, 2002 12:14 am
Location: Northern Ontario
Contact:

Over 9000 domains infected with spyware

Post by Red Squirrel »

(by Wayne Huang, Chris Hsiao, Fyodor Yarochking, NightCola, Jeremy Chiu, and other Armorize colleagues)
(see Part 1 here)

A few days ago, in response to questions by one of our largest customers, we analyzed a widget by Network Solutions, confirmed that it was infected, and published the last blog "SMCI widget and growsmartbusiness.com by Network Solutions still serving malware."

It was actually a report that we wrote for this customer, to assure them that although other detection mechanisms aren't flagging, that we are rightfully flagging these pages as malicious.

Soon after publishing the blog, we realized that it was the same widget that got the boingboing.com parked domain infected, which we blogged about back in May.

Yesterday I had some time to sit down and study this widget further, and discovered something critical--it's a part of the standard domain parking page of Network Solutions.

And so, just how many domains (not pages) are currently affected and serving malware?


(more)





Archived topic from Iceteks, old topic ID:5174, old post ID:39449
Honk if you love Jesus, text if you want to meet Him!
User avatar
Red Squirrel
Posts: 29209
Joined: Wed Dec 18, 2002 12:14 am
Location: Northern Ontario
Contact:

Over 9000 domains infected with spyware

Post by Red Squirrel »

Silly network solutions for letting this happen. They are actually one of the biggest, yet worse registrars out there. I don't even know how they are still around.

Archived topic from Iceteks, old topic ID:5174, old post ID:39450
Honk if you love Jesus, text if you want to meet Him!
Locked