Hundreds of thousands of Web sites parked at NetworkSolutions.com have been serving up malicious software thanks to a tainted widget embedded in their pages, a security company warned Saturday.
Santa Clara, Calif. based Web application security vendor Armorize said it found the mass infection while responding to a complaint by one of its largest customers. Armorize said it traced the problem to the “Small Business Success Index” widget, an application that Network Solutions makes available to site owners through its GrowSmartBusiness.com blog.
Armorize soon discovered that not only was the widget serving up content for those who had downloaded and installed it on their sites, but also it was being served by default on some — if not all — Network Solutions pages that were parked or marked as “under construction.”
Parked domains are registered but contain no owner content. Network Solutions — like many companies that bundle Web site hosting and domain registration services – includes ads and other promotional content on these sites until customers add their own.
Armorize founder and chief executive Wayne Huang said Google and Yahoo! search results indicate anywhere from 500,000 to 5 million Network Solutions domains may have been serving the malware-infected widget. Armorize believes that hackers managed to taint the widget after compromising the GrowSmartBusiness.com domain itself with a Web-based hacking tool that allowed them to control the site remotely.
Shashi Bellamkonda, director of social media for Network Solutions, said the company has disabled the Growsmartbusiness.com blog and the tainted widget.