Over the weekend we were alerted to a potential issue with a publicly downloadable widget that was on our small business blog GrowSmartBusiness.com. The widget provided small business information and was available for download. In addition, the widget was on a subset of under construction pages that were on domains that have no active website. Our teams swung into action and removed any threat of potential malware and we continue to investigate the issue. We believe this issue only affected the hosting account where the small business blog was housed. No active Network Solutions customer websites were impacted. Additionally, there was also no compromise on our platform.
We have been working with the information provided by researchers and members of the security community and wanted to clarify a few things:
When did the malware first appear?
Our security team detected the presence of this malware on Friday, August 13th, and at the same time the social media team received a alert from Wayne Huang of Armorize. Throughout this year, the shared web hosting industry has been facing increasing attacks from perpetrators of malware. We are continually working to defend against these and similar types of attacks. In fact, as soon our system detects malware we work to run scans to detect, clean and protect customers.
Who was affected?
Our preliminary analysis is that the potential affected under construction web pages was less than 120k around the time of detection of the malware. We received reports of under construction pages showing pop-up boxes with Chinese writing in them when viewed from Taiwan; however when viewing the same page at the same time here in Herndon, VA, these boxes didn’t appear. It seems this attack targeted Chinese web servers.
What has Network Solutions done to cleanse the system?
We removed the widget link from both the GrowSmartBusiness.com blog and the impacted under construction pages. By removing this single link, the widget no longer appears. We also removed the widget from the open source, third party provider’s widget library. By doing this, the widget no longer appears on any website, blog or profile that had the link or downloaded the widget code.In addition, we have scanned our entire hosting platform to proactively detect this malware and there have been no other occurrences. We continue to monitor this very closely.
What if I visited GrowSmartBusiness.com in the past, should I be worried?
The widget was not on the homepage of the GrowSmartBusiness blog. You would have had to go to a specific URL to download it.
I’m a Network Solutions customer, what can I do to proactively check to see if my website was affected?
This malware issue did not affect any active customer websites and did not affect any customer content on a customer’s website. If you did download or add this widget to your website, it has been removed and you will see that the image of the widget no longer appears.
We apologize for any inconvenience this issue may have caused as the intent of the widget was to provide valuable small business information. Thank you for your patience and understanding.
Brought to you by Network Solutions®
