Cybercriminals tend to seek economies of scale: the easiest attack with the largest number of victims. Now one scheme may have set a new record for efficient exploitation: one web-based hack that infected as many as five million individual websites.
That widget, an embeddable survey called the “Small Business Success Index”, was injected with malicious code aimed at installing a variant of the Koobface worm.
According to Huang, that infected site element was automatically included on every “parked” domain (default registered sites that haven’t been updated) created by popular hosting provider Network Solutions. And a search on Yahoo! for a few search strings listed only on those parked domains revealed the total size of the infection: as many as five million individual sites.
Update: Network Solutions responded with the following statement on their website:
Our Security Team was alerted this past weekend to a malicious code that was added to a widget housed on our small business blog, growsmartbusiness.com. This widget was used to provide small business tips on Network Solutions’ under construction pages. We have removed the widget from those pages and continue to check and monitor to ensure security. The number of impacted pages that have been reported publicly over the weekend are not accurate. We’re still investigating the number of web pages affected.
If you have downloaded the GrowSmartBusiness widget to your website, we recommend you delete that widget and scan your site for malware.