Up to 5 Million Web Sites Hacked by Malicious GrowSmartBusiness Widget
Reportedly there had been as many as 5 million web sites hosted by Network Solutions that were plagued with malware for several months through a drive-by attack.
The recent infection of potentially millions of web sites has been traced to a widget installed by Network Solutions on the GrowSmartBusiness.com site.
This discovery of millions of websites hacked by a malicious widget has be classified as the largest mass infection of websites. Virtually every domain that has this widget installed by Network Solutions was turned into a drive-by attack site launching a multi-exploit toolkit against computer users who utilized visited these sites using Firefox, Chrome, Explorer or Opera web browsers. If the user visited one of these sites and their system was able to successfully download malware via a Trojan downloader, then their PC was infected and redirected to popup ads.
A drive-by attack is simply a method for a malicious program downloading malware to your computer without your permission or consent. Usually this happens through the use a of computer Trojan horse infection which is a almost like a virus that does undetected while performing actions behind your back. In the past drive-by attacks were well known to download and install rogue security programs.
In the recent attacks that lead to millions of web sites being hacked by a widget was found to be part of a malicious attack from hackers. The widget is called 'GrowSmartBusiness'. The hackers were seeking a quick pay-day by promoting their badware through popup advertisements. These ads are basically spread through this malicious widget that infects large numbers of websites by use of a sophisticated script. Some antivirus programs have recognized the downloader on user's computers as a variant of the infamous Koobface malware. Koobface was, and still is, known as a computer worm that spread malware through use of social networks such as Facebook and Twitter.
Since this attack, Network Solutions has disabled the identified widget and culprit of this attack. Researchers have identified that the attack initiated from Network Solution's parked domains. The malicious targeting IP address has also been traced to Hong Kong and Taiwan.
By attacking Network Solutions, it gives hackers a way to make money with very little effort on their part. By attacking a hosting company the hackers are able to hit several websites at once using drive-by attack methods. Experts and researchers believe that hackers may start targeting more hosting companies in an effort to infect even more computers.
Any webmaster that has used or installed the 'GrowSmartBusiness' widget is highly advised to discontinue use and delete it at once. Network Solutions is still attempting to determine the exact number of sites effected by this attack. It is possible that the number may be as low as 500,000 or as high as 5 million.
Webmasters, do you ever fear that you may have installed a malicious widget or plugin on your own website or blog?
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.