Australian Public Broadcaster's Website Infects Visitors

The Special Broadcasting Service (SBS), an Australian public broadcasting company, instructs it web visitors to scan their computers for malware after its website was compromised this weekend and used to distribute a trojan.

"This is the first time that the SBS site has suffered any sort of attack, however, unfortunately this is a common occurrence for many websites and organisations around the world.

"While SBS has comprehensive safety measures in place across the site, this source has been able to enter the site on this occasion and has inserted a link to a third party 'malware site'," a SBS spokeswoman said, according to Courier Mail.

Funded through a public-private partnership, SBS broadcasts radio and television programming in 68 languages all over Australia.

The company didn't reveal how the attack occurred because the security breach is still under investigation, although a malvertizing attack is most likely.

Malicious advertising, or malvertizing, is a problem that affected major websites in the past, including the New York Times and even advertising networks.

In this type of attack, cyber criminals pose as  advertising agencies looking to buy advertising space for their clients. Once the ad sales teams of the targeted companies have been tricked and their ad is allowed on the website, attackers change its content to direct visitors to malware.

"Users who may have inadvertently visited this third party malware site could then have had their machines infected with a virus depending on their security settings," the SBS spokeswoman added.

This suggests that it might have involved exploits for vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player. These drive-by download attacks are usually transparent to the victims.

The malware distributed in this case is said to endanger people's online banking accounts, which means it's likely one of the common banking trojans like ZeuS or SpyEye.