Hundreds of Web sites hosted by Go Daddy were found to be compromised this week and were redirecting visitors who'd arrived at the sites from search engines to a site with malware on it, the hosting provider told CNET today.
"Wednesday, Go Daddy's Security Team detected that approximately 445 hosting accounts were compromised," said Todd Redfoot, chief information security officer at Go Daddy. "The accounts were accessed by using the account holder's username and password."
"We are still investigating the issue, but so far our security team is confirming this was not an infrastructure breakdown and should not impact additional customers," he said. "We quickly removed the malicious code and went to work to assist each of our customers to address the issue." The systems were cleaned up that same day, he added. Go Daddy hosts 5 million accounts.
Redfoot said he didn't know exactly how the intruder obtained the usernames and passwords, but he said it was most likely malware such as keyloggers or possibly phishing. There did not appear to be a trend in the types of sites compromised, he said.
Visitors who tried to enter the compromised sites via any of the major search engines were redirected to a site that attempted to install malware on their computer, Redfoot said, but he said he did not know what type of malware it was.
The attack was first reported by Sucuri Research.