Network Solutions versus the wily widget

The culprit behind Network Solutions' fourth major attack this year, which added infected code to its parked domains? A Web 2.0 widget

Internet services firm Network Solutions has been having a bad year security-wise.

In January, hundreds of customer websites were defaced by anti-Israeli vandals, who exploited a file inclusion vulnerability in the company's Unix servers to replace customers' home pages. In April, a mass hack infected a number of WordPress blogs hosted by Network Solutions with malware. A week later, a similar attack added malicious code to hundreds of other sites. Network Solutions told customers: "We feel your pain."

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Now, the company is feeling that pain again. Security firm Armorize found that Network Solutions' Web 2.0 survey app, known as the Small Business Success Index, compromises websites with malicious code when administrators install the widget. In addition, thousands -- perhaps millions -- of parked domains had the widget installed by default. Armorize estimated from search results that up to 5 million sites may have hosted the widget.

"We figured out that this widget is included in all of Network Solutions' default parking pages," says Wayne Huang, co-founder and chief technology officer of Armorize.

Network Solutions confirms that rogue code invaded its widget and pulled down its Grow Smart Business site, which hosted the code. However, the company has taken issue with the breadth of the attack. "The number of impacted pages that have reported publicly over the weekend are not accurate," the company said in the statement. "We're still investigating the number of web pages affected."

The looming question in the case: How did the rogue code get into the company's widget in the first place? But Network Solutions is not talking.

Conceivably it could be a rogue developer. Security firm Fortify Software recently released a ruleset to detect malicious code inserted by developers. On the other hand, worms and viruses that target development environments and infect programs with malicious code are not unheard of. A year ago, for example, Win32.Induc spread among Delphi environments and infected developers' configuration files.

Whether it's a nefarious coder or an infected IDE, Network Solutions has a serious security problem. And it needs to be fixed before more customers fall victim to malware or mischief.

This story, "Network Solutions versus the wily widget," was originally published at Get the first word on important tech news with the InfoWorld Tech Watch blog.


Copyright © 2010 IDG Communications, Inc.