Here we go again.
And the hack-a-thon continues, as NBC.com has become the latest to be infected with malicious software. The first report actually stemmed from Facebook Thursday afternoon, as the social network began blocking access to NBC's website after it was reported as "abusive". Google also blacklisted the site.
After reports began to surface, several security bloggers confirmed the infection, advising web surfers to steer clear of the buggy website. Those who already visited may have suffered a drive-by-download attack using the Citadel Trojan, meaning software is downloaded to the hard drive simply by loading the webpage. This Trojan is typically used in banking fraud and… wait for it… cyber-espionage.
According to Sucuri, affected websites included Late Night with Jimmy Fallon, Jay Leno's Garage and other NBC-based websites. "Anyone that visits the site (which includes any sub-page) will have malicious iframes loaded as well redirecting the user to exploit kits (Redkit)," the blog stated.
The HitmanPro blog added that there were two exploit links on the NBC website, one of which was on the main default (entry) page. Both served up Java and PDF exploits, which dropped the Citadel Trojan on the unsuspecting visitor. Two Trojans were actually detected, which communicated with two separate servers.
Some of the victims have also been infected with the ZeroAccess malware, HitmanPro said. Symantec describes this as a Trojan that uses an advanced rootkit to hide itself. It can also create a hidden file system, download more malware, and open a back door on a compromised computer. It's called ZeroAccess due to a string found in the kernel driver code.
By 4pm EST, NBC reportedly cleaned up its mess. "Users who go there now are safe," an NBC spokeswoman told The Huffington Post. Indeed, pulling up NBC.com in a web browser no longer triggers a Trojan warning.
NBC is just one of many sites that have suffered hacks over the last few months. The Wall Street Journal, The New York Times and The Washington Post have pointed fingers at China, whereas Facebook, Twitter and Apple have remained quiet on the possible source. This string of hacks is a perfect example of why readers should always keep everything up to date, including Windows, Java, Adobe, browser and anti-virus products.