UPDATED 13:57 EDT / FEBRUARY 21 2013

NBC.com and Associated Sites Hacked and Serving Citadel Malware – UPDATES: Google, Facebook Blocking NBC Links

A Twitter tip (@zrotech) has us on to the breaking news of NBC.com being hacked and serving up Citadel malware.

A quick search turned up the following information on the Hitman Pro blog –

A few hours ago Ronald Prins of Fox-IT (@cryptoron) was tweeting about NBC.COM spreading malware. We were investigating this as well and found the following interesting facts.

There were two exploit links on the NBC website. The first one was on the main default (entry) page, and the second one was located on http://www.nbc.com/assets/core/js/s_wrapper.js

It serves both Java (CVE-2013-0422) and PDF exploits. The exploit drops the Citadel Trojan which is used for banking fraud and cyber-espionage. The Citadel malware communicates with the following server, which is already sinkholed:

hxxp://184.82.177.125/tr2002/file.php
hxxp://184.82.177.125/tr2102/file.php

An hour later the attack pages were swapped, which means the cyber criminals still have access to NBC’s pages (my emphasis), linking to e.g.:

hxxp://moi-npovye-sploett.com/qqqq/1.php
hxxp://nikweinstein.com/cl/google.php
hxxp://walterjeffers.com/ctuk.html
hxxp://barbecuechickenrecipes.org/ctuk.htm
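A defender-side check built on the indicators quoted above, added here as an example that is not from the article or from Hitman Pro: it refangs the hxxp:// indicators, then scans web-proxy log lines (constructed samples; the five-field layout is an assumption) for beacons to the sinkholed Citadel server and for requests to any host that served one of the attack pages.

```python
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators exactly as quoted above, kept defanged ('hxxp') so they never auto-link.
CITADEL_C2 = [
    "hxxp://184.82.177.125/tr2002/file.php",
    "hxxp://184.82.177.125/tr2102/file.php",
]
ATTACK_PAGES = [
    "hxxp://moi-npovye-sploett.com/qqqq/1.php",
    "hxxp://nikweinstein.com/cl/google.php",
    "hxxp://walterjeffers.com/ctuk.html",
    "hxxp://barbecuechickenrecipes.org/ctuk.htm",
]

def refang(ioc: str) -> str:
    """Turn a defanged hxxp:// indicator back into a real scheme for matching."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", ioc, flags=re.I)

def normalize(url: str) -> Tuple[str, str]:
    """Reduce a URL to (host, path) so ports and query strings cannot hide a hit."""
    parts = urlsplit(refang(url).lower())
    return parts.hostname or "", parts.path or "/"
C2_SET = {normalize(u) for u in CITADEL_C2}
ATTACK_HOSTS = {normalize(u)[0] for u in CITADEL_C2 + ATTACK_PAGES}

def classify(url: str) -> Optional[str]:
    """'c2' = beacon to the sinkholed server (host+path); 'attack-host' = any
    request to a host that served an attack page; None = no indicator matched."""
    host, path = normalize(url)
    if (host, path) in C2_SET:
        return "c2"
    return "attack-host" if host in ATTACK_HOSTS else None

def scan_proxy_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, verdict, url) per matching line. Assumed (constructed)
    layout: '<epoch> <client_ip> <method> <url> <status>', whitespace-separated."""
    hits = []
    for line in lines:
        f = line.split()
        verdict = classify(f[3]) if len(f) >= 5 else None
        if verdict:
            hits.append((f[1], verdict, f[3]))
    return hits

# Constructed sample: the rewritten NBC script, one attack page, then a beacon behind a port and query.
SAMPLE_LOG = [
    "1361462000 10.0.0.7 GET http://www.nbc.com/assets/core/js/s_wrapper.js 200",
    "1361462004 10.0.0.7 GET http://walterjeffers.com/ctuk.html 200",
    "1361462061 10.0.0.7 POST http://184.82.177.125:80/tr2002/file.php?id=1 200",
]
```

Matching on host+path for the C2 and on host alone for the attack pages catches the beacon even when a port or query string is appended; a clean request to the rewritten NBC script is not flagged, since the log alone cannot show which version of the script was served.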


Banking fraud and cyber espionage are among the biggest threats in the world of malware. With the recent news of Twitter, Facebook, and Apple being hacked, it is notable that a compromise of this scale has surfaced so soon after those stories. There have been accusations that a Chinese military-sponsored effort is behind the biggest and most sophisticated cyber-attacks against this country. We’ll update with all details as they become available. In the meantime, don’t visit NBC.com if you can help it.

Update – The same source reports that Facebook is blocking links to NBC.com.

Update 2 – Reports are coming in that the compromise affects not only NBC’s subsites but other sites like JayLenosGarage and Late Night with Jimmy Fallon. Google is also reportedly blacklisting all NBC sites, which I have tested but haven’t seen yet.

Last Update – There are reports that the malware is no longer active and has been removed from the sites. We’ll have a wrap-up on everything we can find out – what happened, how you can protect yourself, and more – as soon as possible.
