08|16|2010 06:14 pm EDT

Millions of Network Solutions Parked Pages Were Serving Malware

by Adam Strong in Categories: Registrars

Armorize, a web security company, reported on their blog today that Network Solutions had been displaying a widget box that contains malware. The company was notified and quickly remedied the parking pages. Based on a Yahoo search alone, there are over 5 million domain names with NSI parked landers that may have been affected by this drive-by malware.

According to Help Net Security, the malware is a drive-by variety that doesn’t take much to infect the user’s computer. Simply visiting a parking page hosted by NSI would trigger the download.

The malware then modifies the registry, monitors four of the most popular browsers, redirects users using popular search engines to other websites, pops up advertisements according to a list of search terms, and duplicates and renames itself to resemble a varied assortment of legal and illegal software (mostly key generators and cracked software versions). It then “phones home” to several URLs in order to receive further instructions and download more malware.

Only 50% of the antivirus solutions included in VirusTotal’s check detected this malware a couple of days ago, and it was discovered to have the ability to block well-known drive-by download analysis services such as Wepawet and jsunpack.

This attack definitely marks the beginning of the exploitation of hosting providers as a means to compromise a massive amount of domains and spread malware to millions of users in a short period of time. Let’s hope that hosting providers will take this occurrence seriously and rethink their defenses from top to bottom.

This is not good news for parking companies and domain owners who rely on parking revenue. As parked pages become synonymous with malware or problems, users will shift away from clicking more and more... Is this just another nail in the coffin for domain parking?

9 Comments

Andrew Douglas

August 16, 2010 @ 7:12 pm EDT

I’ve been getting virus warnings (using avast) from NetSol parked pages for some time but thought it was just being over sensitive. Glad I had some protection in place now that it appears it actually was malware. Curious what kind of liability NetSol could face from this.

Rob Monster - Epik

August 16, 2010 @ 10:44 pm EDT

The practice of “drive by downloads” is pretty insidious.

My personal theory is that some parking companies are seeing enormous margin pressure from conventional advertising. Drive-by downloads will pay additional revenue and don’t take up any space on the parking lander.

Malware on your site is a fast-track to seeing your domain locked up in Google’s sandbox. This is of course more evidence that parking is bad for your domain’s long-term well-being as if nuking your pagerank was not enough.

In the specific case of NetSol, I would have to assume they were the unwitting victim here though who knows!

Stop parking. Start developing.

mrx

August 17, 2010 @ 11:01 am EDT

Netsol has been serving this crap since June and were contacted by multiple companies, including my own, but did nothing.

I don’t think it lasted three months by accident.

Shahram

August 17, 2010 @ 2:44 pm EDT

Thank god I’m on a Mac.

"Danno"

August 17, 2010 @ 6:16 pm EDT

Hi Adam & Frank…

“Koobface Variant”: Tainted 5 Million Websites

http://www.pcworld.com/article/203505/koobface_variant_tainted_5_million_websites.html?tk=hp_new

Here is a more detailed explanation ~ Also shows what the “Bad Code” looks like in your website page(s)

http://www.thetechherald.com/article.php/201032/6023/500-000-parked-domains-on-Network-Solutions-serving-Malware

____

Best,
Dan

Susan Wade

August 17, 2010 @ 10:39 pm EDT

Hi, I am with Network Solutions and want to assure you that we are working on this issue and have additional clarifications and updates at http://bit.ly/9g5qv4 . Please note that this has NOT affected 5M sites as reported online. Our preliminary analysis is that the potential affected under construction web pages was less than 120k around the time of detection of the malware. Please visit http://bit.ly/9g5qv4 for frequent updates and a FAQ on the issue. –Susan Wade.

Sectional Couches

August 18, 2010 @ 9:07 am EDT

I don’t think regular internet users have any idea what parked domains are and rarely have the chance to see what a parked domain page really looks like, so I doubt this will affect them.

domainparking

August 25, 2010 @ 3:43 pm EDT

I hope domain parking continues to be around for a good while. I rely on this as my income, but if worst comes to worst I will need to diversify.

Try these guys if you want to park domain names

http://www.parksdot.com

Rental Agents Laverton

May 24, 2012 @ 7:10 am EDT

The malware modifies the new browser. This browser is very useful and fast from other browsers. Thanks for sharing this informative post.
