Some parked domains from Network Solutions that display "page under construction" messages were found to be serving up malware from a widget that was later disabled over the weekend, a security researcher told ZDNet UK's sister site CNET News on Monday.
This screenshot shows the fake chat message and the malicious widget on the test site that Armorize registered to test the attack. Screenshot: Armorize
However, parked domains still had malware in the form of a malicious script that targets IP addresses coming from Taiwan and Hong Kong and which serves up a fake chat message and redirects to other websites, said Wayne Huang, co-founder and chief technology officer at security firm Armorize. The company is still analysing the malware and it is unclear exactly what happens when computers are redirected, he said.
It's unclear exactly how many web pages or domains were affected, but Google lists more than 500,000 results when keywords are used for parked domains and Yahoo's search results list at least 5 million, according to Huang. Huang tested an undisclosed sample number of the sites from each of the search engine results and then registered a test site to see if it served up the malicious widget and the other malware, and it did, he said.
For more on this ZDNet UK-selected story, see Parked Network Solutions domains served up malware on CNET News.
