On March 6, reports surfaced about malware being pushed from Atlantic Media’s National Journal website (nationaljournal.com).At the time, MediaBistro revealed that cybercriminals had managed to gain unauthorized access to the site around February 18 and abused it to push malware onto the computers of National Journal visitors.
Atlantic Media representatives revealed that around 40,000 individuals who used Internet Explorer to access the site between February 18 and March 1 might have been impacted. In addition, only those who accessed the website via a search engine were prompted to download malicious software.
The company hasn’t found any evidence to suggest that sensitive information from the site’s databases has been compromised.
“We hired an external IT security firm, and they believe that no evidence suggests that passwords or emails shared with National Journal were compromised,” National Journal publicist Ben Fishel told MediaBistro.
“It’s what we are calling a front door attack, meaning the unauthorized individual did not enter through any back channels nor did they have access to our internal emails and network.”
However, that’s not the end of the story. On March 12, experts from Invincea reported that the website was compromised once again.
Researchers found a redirection script added to the top of the website’s index page. This iframe redirected victims to a malicious website hosting the Fiesta exploit kit.
The exploit kit leveraged a Java vulnerability to serve a couple of malicious elements: a Fake AV and a variant of the ZeroAccess rootkit.
The site of the National Journal is not the only one found to be serving malware this year. In February, we learned that a site of the LA Times and various NBC domains were abused in a similar manner.