Visitors to NBC’s websites are in danger of having their PCs infected with malicious software. NBC is among the most visited TV and news portals worldwide. A hitherto unknown organization has obtained access to the NBC web servers. The attackers managed to inject malicious iframes into the websites’ source code. Using these iframes and the RedKit exploit kit, the attack attempts to infect unprotected computers with variants of the widespread Citadel and ZeroAccess bots.
Security experts at Emsisoft were alerted to this incident by an accumulation of alerts in their own cloud service, the Anti-Malware Network. Initial analysis shows that the attack attempts to install either Citadel or ZeroAccess malware on visitors’ computers by using different exploits. The attack appears to target an older version of Adobe Reader and, once again, the Java Runtime Environment.
The attack started on the main portal NBC.com, where it was taken down a few hours later. But the assault is not over yet: at this time, the subsidiary websites latenightwithjimmyfallon.com and jaylenosgarage.com are still spreading malware. Tricky iframes were injected directly into the main page. Additionally, another malicious iframe is used in one of the JavaScript files.
Both vulnerabilities exploited in the attack (CVE-2013-0422 and CVE-2010-0188) are known and fixed in the latest versions of Java and Adobe Reader. The exact method can be changed at any time, however, and such exploit kits typically deliver only attacks tailored specifically to the software on the victim’s system.
It is therefore recommended that you refrain from visiting NBC.com and its subsidiary websites until further notice, and that you ensure your operating system and all software on your computer are up to date.
UPDATE: The sites appear to be ‘up’ now.
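For site operators, the two injection points described above (an iframe in the page markup and one emitted from a JavaScript file) can be audited by comparing every framed host against an allowlist. The following is an added example, not code from Emsisoft or NBC; the host names, the allowlist and the sample page and script are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: third-party hosts this site legitimately frames content from.
ALLOWED_HOSTS = {"player.example.com"}

# src of iframe markup written as a string inside a script (document.write etc.).
JS_IFRAME_SRC = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*\\?[\"']([^\"'\\]+)", re.I)
# Script that creates an iframe element; its src may be assembled at runtime.
JS_CREATE_IFRAME = re.compile(r"createElement\(\s*[\"']iframe[\"']\s*\)", re.I)


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> tag in an HTML document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def unexpected_iframes(content, page_host, is_javascript=False):
    """Return the sorted iframe hosts in content that are not allowlisted."""
    if is_javascript:
        sources = JS_IFRAME_SRC.findall(content)
    else:
        collector = IframeCollector()
        collector.feed(content)
        sources = collector.sources
    base = f"https://{page_host}/"  # relative src values resolve to the page host
    hosts = {urlparse(urljoin(base, s.strip())).hostname or "(no host)" for s in sources}
    return sorted(hosts - ALLOWED_HOSTS - {page_host})


def builds_iframe_dynamically(js_source):
    """True if the script creates an iframe element; review such files by hand."""
    return bool(JS_CREATE_IFRAME.search(js_source))


# Constructed samples: one page and one script, each with an unexpected iframe.
SAMPLE_HTML = ('<body><iframe src="/widgets/schedule.html"></iframe>'
               '<iframe src="https://player.example.com/embed/1"></iframe>'
               '<iframe src="http://injected.invalid/a.php"></iframe></body>')
SAMPLE_JS = ("document.write('<iframe src=\"http://injected2.invalid/b.php\"></iframe>');\n"
             'var f = document.createElement("iframe");')

if __name__ == "__main__":
    print(unexpected_iframes(SAMPLE_HTML, "www.example.com"))
    print(unexpected_iframes(SAMPLE_JS, "www.example.com", is_javascript=True))
```

Run it against the deployed copies of pages and scripts rather than the source repository, since an injection of this kind changes what the server delivers.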