Over 9000 domains infected with spyware
Posted: Tue Aug 17, 2010 12:36 pm
(by Wayne Huang, Chris Hsiao, Fyodor Yarochking, NightCola, Jeremy Chiu, and other Armorize colleagues)
(see Part 1 here)
A few days ago, in response to questions by one of our largest customers, we analyzed a widget by Network Solutions, confirmed that it was infected, and published the last blog "SMCI widget and growsmartbusiness.com by Network Solutions still serving malware."
It was actually a report that we wrote for this customer, to assure them that although other detection mechanisms aren't flagging, that we are rightfully flagging these pages as malicious.
Soon after publishing the blog, we realized that it was the same widget that got the boingboing.com parked domain infected, which we blogged about back in May.
Yesterday I had some time to sit down and study this widget further, and discovered something critical--it's a part of the standard domain parking page of Network Solutions.
And so, just how many domains (not pages) are currently affected and serving malware?
(more)
Archived topic from Iceteks, old topic ID:5174, old post ID:39449
(see Part 1 here)
A few days ago, in response to questions by one of our largest customers, we analyzed a widget by Network Solutions, confirmed that it was infected, and published the last blog "SMCI widget and growsmartbusiness.com by Network Solutions still serving malware."
It was actually a report that we wrote for this customer, to assure them that although other detection mechanisms aren't flagging, that we are rightfully flagging these pages as malicious.
Soon after publishing the blog, we realized that it was the same widget that got the boingboing.com parked domain infected, which we blogged about back in May.
Yesterday I had some time to sit down and study this widget further, and discovered something critical--it's a part of the standard domain parking page of Network Solutions.
And so, just how many domains (not pages) are currently affected and serving malware?
(more)
Archived topic from Iceteks, old topic ID:5174, old post ID:39449