Yesterday, NBC.com was hacked and the site was infected with malicious software. Several security experts advised users to avoid the site because it had been compromised. Since many users presume that the sites of large organizations such as NBC.com are free from malware, a hack such as this has the potential to reach a large number of people in a relatively short amount of time.
According to reports, an iframe on NBC's site loaded a webpage that attempted to download and execute malicious Java and PDF files. As the HitmanPro blog explains, "The exploit drops the Citadel Trojan which is used for banking fraud and cyber-espionage." The attacks were carried out using the RedKit Exploit Kit, which is known to generate and rotate attack URLs every hour. According to Fox-it.com, the version of Citadel used in the attack is recognized by only 3 of the 46 antivirus programs on virustotal.com.
The HitmanPro blog notes that some victims were infected with the ZeroAccess malware after visiting NBC.com. This malware modifies search results on a user's computer and generates pay-per-click ad revenue for the criminals.
It's been reported that other NBC-affiliated websites such as http://www.latenightwithjimmyfallon.com were also serving some of the same malicious links as NBC.com.
After discovering the hack, Facebook blocked users from accessing the NBC.com website through its site in an effort to help protect users from being infected. If a user attempted to share a URL from NBC.com, they would see an error message that read, "An error occurred while processing this request. Please try again later." If a user attempted to access an NBC link through Facebook, a message stating, "This link has been reported as abusive" would appear. Users who attempted to visit NBC.com or one of its affected affiliate sites using Google Chrome or Firefox may have received warnings yesterday as well.
In a statement released yesterday, NBC said, "We've identified the problem and are working to resolve it. No user information has been compromised." Late Thursday, NBC Universal said its website was safe to visit. An NBC spokeswoman who spoke with Reuters said she could not confirm whether users had been infected by visiting the site. NBC News claims NBC News Digital sites such as NBCNews.com and TODAY.com were unaffected by the attack.
Security researcher Dancho Danchev believes the cybercriminals behind the NBC.com attack are the same as those responsible for fake Facebook and Verizon Wireless emails that direct readers to infected Web pages. According to Danchev, the tactics used in the NBC.com attack as well as the sites that users were redirected to were similar to earlier attacks involving Facebook and Verizon Wireless. As Danchev put it, "Someone's multi-tasking. That's for sure."