The Fiesta exploit kit pushes the malware via Java vulnerabilities

Jun 11, 2013 07:22 GMT  ·  By

Update. Washington Free Beacon representatives have told Softpedia that the issue has been addressed. The site is now safe to visit. Find the initial story below.

These days, most media organizations are in a rush to publish stories on the recent NSA data leak. As expected with a story of such importance, cybercriminals have already started abusing it for their malicious operations.

However, this time, they aren’t sending out emails that contain links which appear to point to NSA-related stories. Instead, they’ve compromised the official website of The Washington Free Beacon (freebeacon[dot]com) and altered the article about the NSA leaker so that it leads readers to a Java-based exploit kit.

In addition to the NSA leaker article, cybercriminals have injected malicious JavaScript code into several other pages, including the index page.

The incident is similar to the one that affected other US media sites back in May, according to a blog post by Invincea, whose experts analyzed the attack.

Visitors to the site, which experts advise against accessing until the issue is resolved, are redirected to a domain that hosts the Fiesta exploit kit. The exploit kit probes the victims’ systems for Java vulnerabilities, which it leverages to push malware.

According to Invincea, the malware in question is not detected by most antivirus solutions. That’s because although the malicious toolkit and the exploit method are similar to other campaigns, the malware’s signature is changed for every attack.

Invincea says that its customers are protected against the malware. The best way for other users to protect themselves against the threat is by making sure their Java installation is up to date.

On Monday, when Invincea published the technical details of the attack, the company claimed that it had notified The Washington Free Beacon. However, the security firm says it hasn’t received any confirmation or response from the media organization.

The technical details of the attack are available on Invincea's blog.