NBC website is hacked, visitors are infected with malware via drive-by attack


We have had a lot of hacking stories lately on dotTech simply due to a sudden spike in public cybercrime incidents. However, by and large the most recent incidents were either low-key (e.g. the Twitter hack) or aimed at the corporate sector rather than ordinary citizens (e.g. the Apple hack). That, however, has changed with a recent successful hack on NBC’s NBC.com.

This past Thursday, NBC.com and websites related to ‘Late Night with Jimmy Fallon’ and ‘Jay Leno’s Garage’ were hacked and embedded with RedKit, a malicious toolkit used by cybercriminals. RedKit was used to infect visitors with the Citadel Trojan, a piece of malware that is used for “cyberespionage and to steal bank account information”.

RedKit works by scanning the programs and add-ons on a user’s computer for known vulnerabilities and then exploits those vulnerabilities to infect the user with malware.

The worst part? The hack came in the form of a drive-by attack. A drive-by attack is an attack that automatically infects a user visiting the infected website, without the user having to actually download and run anything. In other words, all you had to do was visit NBC.com (no need to actually download anything) and you would be infected if you had a program or add-on with a known vulnerability (e.g. if you didn’t update Java to the latest version).

According to security researcher Dancho Danchev: “The cybercriminals behind the campaign embedded invisible… elements on the main page, which they periodically rotated to prevent detection from security vendors and researchers”.
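Because the embedded elements were rotated, matching known bad URLs is unreliable; a site operator can instead check fetched copies of their own pages for elements that are both invisible and loaded from a host that is not on an approved list. The following Python check is an added example, not code from the article or from the researchers quoted; it assumes the hidden elements are content-loading tags (iframe, frame, object, embed), and the host names and sample page are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hidden elements are tags that pull content from another host.
LOADER_TAGS = {"iframe", "frame", "object", "embed"}
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"  # 0 or 1 pixel box
    r"|(?:left|top)\s*:\s*-\d{3,}",                             # pushed off-screen
    re.I,
)

class _Finder(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in LOADER_TAGS:
            return
        a = {k: (v or "").strip() for k, v in attrs}
        host = urlparse(a.get("src") or a.get("data") or "").hostname or ""
        if not host or host in self.allowed:
            return  # relative URL (same site) or an approved third party
        hidden = ("hidden" in a
                  or a.get("width") in ("0", "1")
                  or a.get("height") in ("0", "1")
                  or bool(HIDDEN_CSS.search(a.get("style", ""))))
        if hidden:
            self.findings.append((tag, host))

def find_hidden_offsite(html, allowed_hosts):
    """Return (tag, host) for each invisible element loading from an unapproved host."""
    finder = _Finder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one approved embed, two hidden off-site frames,
# one hidden same-site frame, one visible unapproved frame.
SAMPLE_PAGE = """<html><body>
<iframe src="https://video.partner.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://cdn-stats.example.net/in.php" style="position:absolute; left:-1000px; top:-1000px"></iframe>
<iframe src="//widgets.example.org/a" width="1" height="1"></iframe>
<iframe src="/local/frame.html" style="display:none"></iframe>
<iframe src="https://ads.example.com/slot" width="300" height="250"></iframe>
</body></html>"""
```

Running `find_hidden_offsite(SAMPLE_PAGE, {"video.partner.example"})` on a schedule against a freshly fetched homepage flags the two hidden off-site frames regardless of which URL they currently point to.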

While it isn’t known how long NBC.com and related websites were vulnerable, according to a statement given to HuffingtonPost, NBC claims they cleansed their website by 4 PM on Thursday and NBC.com (and related websites) is now safe to visit.

I don’t know about you but this is bloody scary seeing as how many people visit NBC.com. If NBC.com, which is owned by NBCUniversal which is in turn owned by Comcast, can be hacked and exploited like this, how do we know other websites — that aren’t run by a multi-billion corporation — are safe?

On the bright side, this isn’t a zero-day attack (i.e. the Citadel Trojan is known and most, if not all, anti-virus programs will block it). It goes to show you the value of having a viable anti-virus program on your computer and constantly updating your programs and add-ons.

[via CNN Money, HuffingtonPost]
