Between 500,000 and 5 million websites hosted by Network Solutions are believed to have been compromised, presenting a widget designed to help small business to build websites, and in fact, serving up malware to visitors. The widget was installed by default on all “parked sites”, which are sites that have been registered to reserve the site name, but lacking owner-provided content. The widget allowed each infected domain to be turned into a drive-by attack site. In addition, the Network Solutions domain “growsmallbusiness.com” was compromised with a shell script.
Network Solutions disabled the “Small Business Success Index” widget in parked domains and offered this: “… The number of impacted pages that have reported publicly over the weekend are not accurate. We’re still investigating the number of web pages affected. If you have downloaded the GrowSmartBusiness widget to your website, we recommend you delete that widget and scan your site for malware.” Application security firm Armorize, which was the first to warn of the attack, traced the flaw back through a series of compromises involving DNS manipulation and WordPress hacking, dating back to January.