Hackers broke into the websites of US broadcasting network
National Broadcasting Company (NBC) but apparently did not mean to just
deface their targets.
The intruders also
injected malware into the sites that effectively made them pass on the
malware to site visitors, security vendor Emsisoft said.
"The websites of the famous US broadcaster NBC as well as various
popular NBC shows like 'Late Night with Jimmy Fallon,' 'Jay Leno’s
Garage,' and possibly others have been hacked. Attackers managed to
inject malicious iframes both inside the homepages as well as some
JavaScript files that point to the RedKit exploit kit," Emsisoft said in
a blog post.
Emsisoft said malicious iframes were inserted into the main pages and into JavaScript files of the targeted sites.
It also noted observed the attackers used several drop sites for their attack.
According to Emsisoft, the attack started on the main portal NBC.com
and was taken down a few hours later, but subsidiary websites
latenightwithjimmyfallon.com and jaylenosgarage.com are still spreading
malware.
It recommended that people "refrain
from visiting NBC.com and subsidiary websites until further notice and
to ensure that all programs on their computer are up to date."
Exploit kits
Visitors to the affected sites will be scanned for "exploitable" versions of browser plugins like Adobe Acrobat or Java.
The exploit will then try to install the notorious Citadel or ZeroAccess bot malware on the visitor's PC.
Citadel is used mainly for banking fraud, espionage, and as a
distribution network for other malware. ZeroAccess is mainly used for
click fraud by simulating clicks on advertisements or redirecting search
requests. — TJD, GMA News
No comments:
Post a Comment