GoDaddy hosted sites hit again by PHP attack


GoDaddy may have been under attack again by hackers who are injecting rogue code into legitimate sites hosted with the popular website provider. This information comes from Sucuri Security, which updated an earlier blog post with a report of "another related outbreak of exploited sites on GoDaddy." The attack apparently targets sites that use PHP code, and entails the insertion of a single line of obfuscated code into every PHP file. This code essentially redirects hapless users toward a malware-laden site.

Encoded in base64, the offending code could easily have escaped the detection of administrators or programmers not on the lookout for it. While Sucuri Security has helpfully released a simple utility that scans for and removes the offending line, the fix was criticized by some as being too "crude."
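As an added illustration (not Sucuri's utility and not code from the original article), the sketch below flags a line that decodes a long base64 literal and is repeated verbatim across several PHP files, which is the signature described above. It assumes the injected line calls PHP's `base64_decode()` on a string literal; the function names and the sample files are constructed for the example.

```python
import base64
import re
from collections import defaultdict
from pathlib import Path

# Assumption: the injected line passes a long string literal to PHP's
# base64_decode(); the article does not give the exact form of the line.
B64_CALL = re.compile(r"""base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=]{40,})\1""")


def suspicious_literal(line):
    """Return the decoded payload if the line decodes a long base64 literal."""
    m = B64_CALL.search(line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(2), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None  # not real base64, ignore


def find_injected_lines(sources, min_files=2):
    """Map each suspicious line to the files (>= min_files) that share it."""
    seen = defaultdict(list)
    for path, text in sources.items():
        for line in set(l.strip() for l in text.splitlines()):
            if suspicious_literal(line) is not None:
                seen[line].append(path)
    return {l: sorted(p) for l, p in seen.items() if len(p) >= min_files}


def scan_tree(root):
    """Read every .php file under root and run the check."""
    files = {str(p): p.read_text(errors="replace") for p in Path(root).rglob("*.php")}
    return find_injected_lines(files)


# Constructed sample input: the payload is a harmless comment string.
PAYLOAD = base64.b64encode(b"/* constructed placeholder payload for the example */").decode()
BAD_LINE = f"<?php eval(base64_decode('{PAYLOAD}')); ?>"
SAMPLE = {
    "index.php": BAD_LINE + "\n<?php echo 'home'; ?>\n",
    "contact.php": BAD_LINE + "\n<?php echo 'contact'; ?>\n",
    "legit.php": "<?php $img = base64_decode('aGVsbG8='); ?>\n",
}

if __name__ == "__main__":
    for line, paths in find_injected_lines(SAMPLE).items():
        print(f"{len(paths)} files share: {line[:60]}...")
```

Requiring the same line in multiple files keeps a one-off legitimate `base64_decode()` call from being flagged; review the decoded payload before removing anything.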

Personally, I feel that the most important course of action is to determine the insertion vector and to seal it. Given the high amount of automation and the sophisticated web interface offered by GoDaddy, however, the actual security hole might not be one that can be readily identified and rectified. In its defense, the company says that the attack affected less than half of one percent of customers. GoDaddy is currently home to 4.3 million hosted sites.

For more on this story:
- check out this article at Sucuri Blog
- check out this article at eWeek
