A Twitter tip (@zrotech) has us on to the breaking news of NBC.com being hacked and serving up Citadel malware.
A quick search turned up the following information on the Hitman Pro blog –
It serves both Java (CVE-2013-0422) and PDF exploits. The exploit drops the Citadel Trojan which is used for banking fraud and cyber-espionage. The Citadel malware communicates with the following server, which is already sinkholed:
An hour later the attack pages were swapped, which means the cyber criminals still have access to NBC’s pages, (my emphasis) linking to e.g.:
Banking fraud and cyber espionage are giant threats in the world of malware. With all the news recently of Twitter, Facebook, and Apple getting hacked, it is interesting that this big of an exploit has come up in the recent wake of those stories. There have been accusations of a Chinese military-sponsored effort behind the biggest and most sophisticated cyber-attacks against this country. We’ll update with all details as they become available. In the meantime, don’t visit NBC.com if you can help it.
Update – The same source reports that Facebook is blocking links to NBC.com
UPDATE 2 –
Reports are coming in that this of course affects not only NBC’s subsites, but other sites like JayLenosGarage and Late Night with Jimmy Fallon. Google is also reportedly blacklisting all NBC sites, which I have tested but haven’t seen yet.
Last Update – There are reports that the malware is no longer active and has been removed from the sites. We’ll have a wrap-up on everything we can find out – what happened, how you can protect yourself and more as soon as possible.