Malicious widget attacks compromise parked domains

This screenshot shows the fake chat message and the malicious widget on the test site that Armorize registered to test the attack. (Credit: Armorize)

Some parked domains from Network Solutions that display "page under construction" messages were found to be serving up malware from a widget that was later disabled over the weekend, a security researcher told CNET on Monday.

However, parked domains still had malware in the form of a malicious script that targets IP addresses coming from Taiwan and Hong Kong and which serves up a fake chat message and redirects to other Web sites, said Wayne Huang, co-founder and chief technology officer at security firm Armorize. The company is still analyzing the malware and it is unclear exactly what happens when computers are redirected, he said.

The malware that was embedded in the now-disabled "Small Business Success Index" widget, from Network Solutions' GrowSmartBusiness.com site, did what is called a "drive-by-download," according to Huang. It monitored what Web pages were visited and served up ads based on search queries, among other actions, he said.

For more on this story, read Parked Network Solutions domains served up malware on CNET News.