Millions of Websites Hacked by Malicious Widget
Security researchers at Armorize Technologies said that approximately five million parked domains belonging to Network Solutions customers fell victim to an infected widget and were distributing malware, according to news published by eWeek on August 16, 2010. Network Solutions is a domain name registration company.
According to news published by Forbes on August 16, 2010, Wayne Huang, a researcher at cyber security firm Armorize, detected a collection of websites invisibly attempting to download malware to users' PCs, all because of a single widget that hackers had compromised. The widget, an embeddable survey called the "Small Business Success Index," had been injected with malicious code aimed at installing a worm.
This infected website element was automatically added to each "parked" domain, that is, the default pages that well-known hosting provider Network Solutions creates for registered websites that have not been updated. Parked domains are registered domains, but they have no owner-provided content.
This widget turned every affected domain into a drive-by attack website that serves the multi-exploit toolkit called "Nuke" against users running Opera, IE, Chrome and Firefox. If the kit succeeds in hacking the browser, a Trojan downloader hits the Windows PC. All searches are redirected and pop-up ads appear on the screen.
Quick searches with Yahoo! and Google indicated that approximately 500,000 and 5,000,000 affected domains, respectively, were serving malware. A manual check of around 200 parked domains on the list showed that all of them carried the malware-serving widget.
By displaying the malicious ads, the attackers are making big bucks, and they are distributing the malware by copying the malicious code to any of the various peer-to-peer networks already installed on the PC.
Various antivirus programs that recognized the downloader identified it as a variant of "Koobface." Koobface is a malware-spreading worm best known for attacking users of social networking websites like Facebook.
Security experts said that attackers had compromised sites with mass SQL injections, trying to collect every single site they could, but that this attack showed the beginning of the exploitation of hosting providers as a medium to compromise a large number of domains and spread malware to millions of users in a short period of time.
» SPAMfighter News - 21-08-2010