Network Solutions Hack Affects Fewer Than Thought

Network Solutions has reported that a mass compromise of parked domains belonging to their customers affected significantly fewer domains than previously thought.

Last week, researchers at Armorize Technologies discovered an infected widget that was serving malware to people who visited parked domains, which are domains that are registered but lack any owner-provided content.

Chinese servers targeted

While Armorize estimated the number of domains affected ranged from 500,000 to 5 million, Network Solutions on 17 August put the total at less than 120,000.

In any case, Network Solutions reported no active websites were impacted, and there was no compromise of the company’s platform.

“We received reports of under-construction pages showing pop-up boxes with Chinese writing in them when viewed from Taiwan; however, when viewing the same page at the same time here in Herndon, Virginia, these boxes didn’t appear,” Network Solutions said in a statement. “It seems this attack targeted Chinese web servers.”

“We removed the widget link from both the GrowSmartBusiness.com blog and the impacted under construction pages,” the company continued. “By removing this single link, the widget no longer appears. We also removed the widget from the open-source, third party provider’s widget library. By doing this, the widget no longer appears on any website, blog or profile that had the link or downloaded the widget code. In addition, we have scanned our entire hosting platform to proactively detect this malware and there have been no other occurrences.”

Network Solutions attacks

According to Armorize, Network Solutions’ customers have been targeted on multiple occasions so far this year.

“Throughout this year, the shared web hosting industry has been facing increasing attacks from perpetrators of malware,” Network Solutions said. “We are continually working to defend against these and similar types of attacks.”