Network Solutions malcode widget first discovered by VeriSign Trust Seal web site malware scanning
Nov 28
Network Solutions malcode widget first discovered by VeriSign Trust Seal web site malware scanning
There’s a lot in the news right now about the malware distributed from what may be as many as 5,000,000 parked Network Solutions pages. In addition to the earlier article, here’s a nice summary from Brian Krebs, and here’s one from Elinor Mills of CNET.
The story originally broke from VeriSign Trust Services partner Armorize in a detailed two-part blog (part two here) with a subsequent, also detailed, follow up. In the second Armorize blog post, the team writes,
A few days ago, in response to questions by one of our largest customers, we analyzed a widget by Network Solutions
I happen to know that the large customer in question was the VeriSign Trust Services division of Symantec, and the original source of the discovery was the daily scan for web site malware distribution that we include with our VeriSign Trust Seal.
Since February we have offered web site malware scanning with the standalone version of the VeriSign Trust Seal, and we’re in the process of rolling this same functionality out to 100% of the VeriSign-branded SSL customer base. SSL customers who have activated the service receive a daily scan of their web sites, seeking malware distribution, at no additional charge. One of these daily scans identified a malware hit on a VeriSign SSL customer’s site. Since we notify the site operator when these incidents occur – complete with identification of the specific page, line of code, and text string in which the malware distribution occurs – the problem almost always is fixed the same day. This particular page hit again for malware the next day and then the day after that, unusual enough that our team started to investigate. As part of that investigation we pulled in Armorize, and the rest is history.
This indicent illustrates a few salient points.
Web site malware distribution is a scourge on online safety today. As Armorize writes about this attack in its follow up, “We strongly believe that the number of potentially impacted users is high.”
Daily scans are an indispensible part of fighting this problem. Armorize reports that this attack has been live since May. It was not until VeriSign started for roll out widespread malware scanning that anybody discovered it.
You can’t count on the fact that other parties will discover these attacks. Network Solutions now agrees that the widget in question was a distributor of malware and has pulled it down. But what happened during the three months prior to that?
Businesses need to choose to monitor and manage their own security and not to assume that a hoster or other service provider is getting it right for them. This indicent is not the first of its kind. Just a few months ago we saw a similar malware problem with a number of hosting providers, including Go Daddy. It’s clear that businesses can’t rely on hosters to manage this problem by themselves. Fortunately, there are solutions like the VeriSign Trust Seal that can make monitoring for malware distribution automatic, simple and affordable and can ease remediation to an attack considerably.
View the original article here
Posts Related to Network Solutions malcode widget first discovered by VeriSign Trust Seal web site malware scanning
New malware attack affecting sites hosted by Go Daddy
Tim Callan's SSL Blog - Online Security Tim Callan's SSL Blog: New malware attack affecting sites hosted by Go Daddy Tim Callan's SSL Blog Demystifying ...
I love when you talk about this type of stuff in your posts. Perhaps could you continue this?
When i visit a blog, chances are that i get disappointed.On the other hand,I have to say that you have done a good job here.
I usually get bored easily and close the tab but i honestly enjoyed what i read. Bravo !
Far or forgot to me is nearShadow and sunlight are the sameThe vanished gods to me appearAnd one to me are shame and fame.They reckon ill who leave me outWhen me they fly, I am the wingsI am the doubter and the doubt,And I the hymn the Brahmin sings.
For those that have not been on this field long enough – I know that the web isn’t the most reliable source for information. but for sure I can say how the author is right, however odd it may look
Not long stumbled on your site and can be already reading along. I think A totally free leave my first comment. I don’t know very to pronounce with the exception that I’ve enjoyed reading. Nice blog. In order to keep visiting your blog really often.
I know this would be better suited to an email, but do you mind if I ask what WordPress theme you’re using for this website? With the right changes (colors, banners, etc.) it would be perfect for my blog.
Good Day! This is a fantastic post dude. Thnkx However I am experiencing issue with your rss feed. Unable to subscribe. So anyone else getting same RSS trouble? Anyone who can help please respond. Thank you.
Thanks bud. Not bad blog you got going on here. Got some more sites to point to with a bit more information?
Hello good Angela ,I am finally a tea and coffee nut, really like the fragrance as well as the taste of tea as the primary thing after waking up. I consume atleast nine cups a day. BTW awesome blog, Hope you have a awesome day.
Wow, an amazing blog post man. Thank you Unfortunately I’m having issue with ur rss . Unable to subscribe. Is there anyone getting similar rss issue? Anybody who knows please respond. TQ
OMG! It is like you read my mind! You seem to know so much about this, like you wrote the book in it or something. I think that you can do with some pictures to drive the message home a bit, but other than that, this is great blog. A great read. I will definitely revisit again.
Good Post, I am a big believer in writing comments on blogs to let the blog writers know that they’ve added something of great benefit to the world wide web!
I want to thankx for the efforts you have made in composing this article. I am hoping the same top-grade blog post from you in the future as well. In fact your creative writing skill has inspired me to start my own blog now. Truly the blogging is spreading its wings rapidly. Your write up is a fine model of it.
This post was very nicely written, and it also contains many useful facts. I enjoyed your distinguished way of writing this post. Thanks, you have made it very easy for me to understand.
The beauty of these blogging engines and CMS platforms is the lack of limitations and ease of manipulation that allows developers to implement rich content and ‘skin’ the site in such a way that with very little effort one would never notice what it is making the site tick all without limiting content and effectiveness.
Hi just thought i would tell you something. This is twice now i’ve landed on your blog in the last 2 days looking for totally unrelated things. Spooky or what?
Nice blog here! Also your website loads up fast! What host are you using? I wish my website loaded up as fast as yours lol
It’s not that I want to replicate your website, but I really like the style. Could you tell me which style are you using? Or was it especially designed?
Hi just thought i would tell you something. This is twice now i’ve landed on your blog in the last 2 days looking for totally unrelated things. Spooky or what?
I know this would be better suited to an email, but do you mind if I ask what WordPress theme you’re using for this website? With the right changes (colors, banners, etc.) it would be perfect for my blog.