May 24, 2007 -- (WEB HOST INDUSTRY REVIEW) -- Internet security blog Security Fix, written by Brian Krebs for the Washington Post, reported this week that Web hosting provider IPOWER, identified last month by the StopBadware.org project as host to certain compromised Web sites discovered serving malicious software to users (often unwittingly), may in fact be the victim of a much larger hack.
The StopBadware project originally reported a recent proliferation in ordinary Web sites that have been compromised without the operators' knowledge to distribute "badware," which attempts to exploit browser holes or use other tricks to install malicious software on visitors' machines.
According to the original StopBadware report, IPOWER was the host of approximately 10 percent of the 90,000 sites identified by the study. But Security Fix said this week that its investigation revealed that IPOWER may be considerably more compromised than first indicated.
The site examined nine of IPOWER's virtual servers, which it says host at least 8,192 active Web sites. More than 2,650 of those sites, it says, included code designed to silently retrieve malicious software from sources online.
In an email response to Security Fix, IPOWER reported that it had been targeted recently, and that a significant cleanup effort had already been underway at the company for several months. The company says it downloaded the StopBadware list immediately to help with that effort, and that several thousand of the sites listed had already been repaired by the time IPOWER downloaded the list on the day it came out.
The blog post extrapolates the results from its sample of IPOWER's servers to the company's entire reported customer base of 700,000 servers, suggesting that close to a quarter of a million sites could be compromised in this way.