Over 10,000 malware sites hosted by IPowerWeb

A little more than a month ago, I wrote about an experience a friend had discovering that her website had been hacked, with the attacker adding a small piece of JavaScript to her front page. This JavaScript attempted to open up an iframe and install software on the surfer’s machine designed to open a back door to the machine. The hackers in question appear to be affiliated with the Russian Business Network, a group of extremely talented and well-organized hackers who are using a wide range of techniques to compromise Windows boxes.

My colleagues with Stop Badware just released (surprisingly quietly…) a press release that adds some more color to the story. My friend’s compromised page was hosted with IPowerWeb, a major web hosting provider that claims over 700,000 customers. Stop Badware announced that there are 10,834 sites hosted by IPowerWeb in the Stop Badware index – this index is composed of sites that Google and other partners have identified as hosting code that could damage a visitor’s machine. More than one in five of the sites Stop Badware analyzed was hosted by IPowerWeb. That statistic strongly suggests that IPowerWeb has been systematically compromised, allowing hackers to inject this hostile code, possibly through a bug in cPanel (which IPowerWeb runs on at least some of their servers).

When my friend contacted IPowerWeb about her compromised site, the technicians instructed her to remove the offending JavaScript from her page, which we’d already done. They didn’t mention any possible vulnerabilities in their hosting setup, or concede that the compromise on her site had come through a vulnerability in their servers.

This strikes me as a story that should be getting more attention from the tech community. A major webhosting provider is vulnerable to attacks on hosted pages. Over 10,000 pages have been affected, and some now contain JavaScript designed to load a Windows trojan horse onto visitors’ machines. That trojan horse may be sending data (including passwords entered into your browser!) to a cabal of Russian hackers. I suspect it’s the sort of story I’d be inclined to cover if I were a technology journalist. But hey, I’m just a blogger – what do I know?


6 Responses to Over 10,000 malware sites hosted by IPowerWeb

  1. Matt Berg says:

    Ethan,

    You may have already seen this but it refers to the response Google is preparing to help police malware.

    http://www.roughtype.com/archives/2007/05/driveby_malware.php

    Matt

  2. richard says:

    For over two weeks now we cannot receive our emails due to ipowerweb incompetence. Their server WS21 was down for a few days which affected our website too. Upon restoring the server an older version of our website was reloaded which leads us to believe that they do not have an up-to-date backup. Every day we are in touch with their customer relations unit to no avail. We even wrote to their director of customer service Ms Victoria Masjedi and to date our email is down. Shame on such a money hungry good for nothing company. We are still waiting for a fix.

  3. Vicky says:

    iPowerweb is one of the worst companies I’ve ever dealt with.

    Many people don’t check their websites enough to make sure they are up and running and have no idea that their iPowerweb site is consistently down. I’ve found that my site is either sluggish or completely unavailable on almost a daily basis (especially lately) and at least several times a week every week (all the time).

    The “support” is always way too understaffed and the wait times can go literally beyond an hour or more. The online help will put you on hold for well over 45 minutes only to say they will “review” your account and put you on hold another 45 minutes or so until you finally just give up.

    I’m going to finally get another webhost. I feel like an idiot for having given them so many chances already. I’m through with being swindled by iPowerweb.

  4. Bruce says:

    Well kids, this just gets better and better. The IPOWERWEB bastids took me from a shared site to a vastly more expensive VPS situation. I told them I don’t know zip about administering web sites nor did I have a web designer. They assured me all was fine, no prob, they would simply transfer all my files to the new location and all would work as advertised. They didn’t do any of that for 5 months! When I discovered that, they agreed to change my renewal date to 5 months later. Well, at least that was proper. Then 4 months after THAT I find they STILL didn’t transfer the files. After multiple and endless phone calls with truly amazing 40 minute and longer wait times (including being disconnected once after waiting 25 minutes!) I’m told for a mere $150 dollars more, they can and will transfer all the files I was told originally they could and would do anyway. I said okay. It’s now 2 weeks later. The new location doesn’t operate properly and after 3 more nightmarish calls, I finally get “Spring” to confess that the Plesk system they provide IS NOT CAPABLE OF DOING WHAT MY EARLIER SITE DID OR WHAT I NEED THE CURRENT SITE TO DO!!!!!!!! Catch that? “Not capable.” IPOWERWEB to date has taken my money, either deliberately or due to incompetence misrepresented what they would provide me, and left me twisting in the wind. A lawyer is my next move, and I am making it with gusto. These kinds of truly crappy and pathetic companies that care zip about service or even merely providing what they advertise must be challenged at every turn. And y’know what? It feels really great to do that. Don’t let them get away with shafting YOU. If you do, you have only yourself to blame.

  5. Craig says:

    I won’t go into a lengthy story about my experiences with ipowerweb. It would take days just to cover the bad stuff and maybe a minute or two for the good stuff. With so many good hosting services out there, why take the chance with ipower? They are a nightmare in many ways. I can’t imagine a company like them will stay in business so there’s another reason not to use them. They will take your money and you will find yourself out in the cold.

  6. Craig says:

    By the way,

    http://center.spoke.com/info/p9ySjfs/NaveenKapoor

    If you scroll down, there are other executives listed. Maybe a few letters to these people will make them wise up.
