WHID 2007-76: A large web hosting firm afflicted by mass malware installation

Attack Information
WHID ID: 2007-76
Date Occurred: 1 Jan 2008
Attack Method: 
Outcome Information
Outcome: 
Target Information
Attacked Entity Field: Service Providers
Attacked Entity Geography: USA
Attacked System's Technology: cPanel

The Washington Post ran a story about a large-scale infiltration of IPower, a major hosting provider. According to the story and the comments that followed it, the problem seems to have been plaguing IPower for a long time without being resolved. For perspective, compare the PlusNet incident, which was serious but swiftly handled and publicly acknowledged by the company.

In fact, the problem is so widespread that a recent StopBadware report lists IPower as by far the most malware-infected hosting company. Reports mention that the problem started as early as mid-2006.

The root cause of the breach is reported to be a vulnerability in either Apache, PHP or cPanel. I have selected the third as being more probable until further evidence materializes.

Additional information: