Users were exposed to threats for at least 24 hours
NBC.com and a few of the company’s TV show websites, such as Jay Leno’s Garage and Late Night with Jimmy Fallon, have been hacked. For at least 24 hours, visitors of these sites were redirected to a domain that hosted the RedKit exploit kit.ESET reports that the first signs of an infection were spotted on February 20 at around 17:00 CET.
“The exploit is trying to download multiple files to victim machines. Not surprisingly these files are dubious in character,” ESET’s Stephen Cobb explained.
“One of the files being served up is a downloader called Win32/TrojanDownloader. Vespula.AY which, again not so surprising, attempts to download some more artifacts that are currently being analyzed. Other downloads are detected as Trojan.JS/Exploit.Agent.NCX,” he added.
According to Websense, two vulnerabilities were utilized in the attack: one that affects Adobe Reader and one that impacts Java.
If one of the security holes was discovered, the exploit kit pushed a malicious binary from the Citadel family onto the victims’ machines.
Interestingly, independent security consultant Dancho Danchev found that the cybercriminals behind the attack are the same ones sending out bogus Facebook and Verizon Wireless emails in an attempt to lure users to malicious websites.
Fortunately, most security firms that analyzed the incident said their customers were protected by the threats. However, internauts who didn’t have any antivirus solutions or up-to-date products while visiting the sites could have had their computers infected with the banking Trojan.
NBC has reported that its sites have been cleaned up.
NBC.com is not the only major website compromised by cybercriminals over the past months. Earlier this month, we learned that a subdomain of LA Times had served malware for around 5 weeks.