Malicious widget attacks compromise parked domains

Summary:Some parked domains from Network Solutions that display "page under construction" messages were found to be serving up malware.


This screenshot shows the fake chat message and the malicious widget on the test site that Armorize registered to test the attack. (Credit: Armorize)

Some parked domains from Network Solutions that display "page under construction" messages were found to be serving up malware from a widget that was later disabled over the weekend, a security researcher told CNET on Monday.

However, parked domains still had malware in the form of a malicious script that targets IP addresses coming from Taiwan and Hong Kong and which serves up a fake chat message and redirects to other Web sites, said Wayne Huang, co-founder and chief technology officer at security firm Armorize. The company is still analyzing the malware and it is unclear exactly what happens when computers are redirected, he said.

The malware that was embedded in the now-disabled "Small Business Success Index" widget, from Network Solutions' GrowSmartBusiness.com site, did what is called a "drive-by-download," according to Huang. It monitored what Web pages were visited and served up ads based on search queries, among other actions, he said.

For more on this story, read Parked Network Solutions domains served up malware on CNET News.

Topics: Malware, Browser, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.