Download our in-depth report: The Ultimate Guide to IT Security Vendors
NBC.com was briefly infected with malware on Thursday afternoon.
"For around fifteen minutes at noon PST, NBC.com redirected all visitors to the RedKit exploit kit -- specifically, most of NBC's pages contained an iFrame that redirected to the first stage of the RedKit malware. ... RedKit infection starts when a user visits a compromised website, which contains the link to a RedKit landing page," writes ZDNet's Violet Blue.
"There were two exploits links on the NBC website," SurfRight reports. "The first one was on the main default (entry) page. And the second one is still located on hxxp://www.nbc.com/assets/core/js/s_wrapper.js. It serves both Java (CVE-2013-0422) and PDF exploits. The exploit drops the Citadel Trojan which is used for banking fraud and cyber-espionage. ... An hour later the attack pages were swapped, which means the cyber criminals still [had] access to NBC’s pages."
Sucuri's Tony Perez reports that other NBC sites, including Late Night with Jimmy Fallon and Jay Leno's Garage, were also breached.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"'We identified the problem and are working to resolve it,' an NBC spokeswoman told The Huffington Post," writes The Huffington Post's Gerry Smith. "The spokeswoman did not know how long the website had been potentially spreading malware, but by 4 p.m., she said the site was 'cleaned up' and no user information was compromised. 'Users who go on there now are safe,' she said."
"It has been shown before (with Dutch news site nu.nl, for example, along with the recent incidents at the New York Times and Wall Street Journal), targeting media and news Web sites can vastly improve an attacker’s chances of success," Fox-IT's Barry Weymes notes. "Users presume these large organizations' Web sites to [be] free from malware. If an attacker can gain access to these Web servers, they can use them to distribute malware to every visitor of that Web server."