14 DAY TRIAL // The websites of BBC 6 Music and 1Xtra radios were used by hackers to exploit visitors and infect them with a dangerous banking trojan.
According to security researchers from Websense, attackers exploited vulnerabilities in the two websites in order to inject a hidden iframe into them.
The iframe loaded malicious content from a *.co.cc domain, that was part of the Phoenix exploit toolkit.
Phoenix is a Web attack kit that tries to exploit vulnerable versions of popular applications installed on the visitor's computer.
Different versions of the kit can have different exploits, but the software usually targeted includes Java, Adobe Reader, Adobe Flash Player, Internet Explorer, Firefox and even Windows itself.
If exploitation is successful, a malicious program is installed on the victim's computer. This can be anything the attackers want.
Such attacks are known as drive-by downloads and are one of the primary vectors of malware infection these days.
They are considered very dangerous because everything happens in the background with little or no indication for the user.
In this case, the malware distributed by the exploit is a variant of SpyEye, a sophisticated banking trojan capable of stealing financial details and other sensitive data.
It is currently believed that SpyEye and ZeuS, the most popular banking trojans in the cybercriminal world, are currently being merged together.
The detection rate for this sample is pretty low at the moment, with only 9 out of 43 antivirus engines on Virus Total detecting it.
Fortunately, even if the payload does not have a high detection rate, the exploits served by Phoenix might. Therefore, it is critically important to always surf the web with an up-to-date antivirus solution that has a Web shield component.
These are not the first BBC websites to be infected. Last year we reported about the BBC Radio 3 website having similar problems.