Emsisoft Warns: Various NBC Websites Hacked and Spreading Malware


Visitors to the websites of the famous American broadcaster NBC are in danger of having their PCs infected with malicious software. A hitherto unknown organization has obtained access to the NBC web servers, and the attackers managed to inject malicious iframes into the websites' source code. Using these iframes, and with the aid of the RedKit exploit kit, the attack attempts to infect unprotected computers with variants of the widespread Citadel and ZeroAccess bots.


NBC is among the most visited TV and news portals worldwide. Now, unknown attackers have succeeded in hacking NBC.com and various subpages. The security experts at Emsisoft were alerted to this incident by accumulating alerts in their own cloud service, the Anti-Malware Network. Initial analysis shows that the attack attempts to install either Citadel or ZeroAccess malware on visitors' computers by using different exploits. The attack appears to target an older version of Adobe Reader and, once again, the Java Runtime Environment.


The attack started on the main portal NBC.com, where it was taken down a few hours later. But the assault is not over yet: at this time, the subsidiary websites latenightwithjimmyfallon.com and jaylenosgarage.com are still spreading malware.


Here is an example of the two malicious manipulations of the web code of NBC.com that the experts at Emsisoft have discovered. This tricky iframe was injected directly into the main page:

Additionally another malicious iframe is used in one of the JavaScript files:

Both of the exploits used in the attack (CVE-2013-0422 and CVE-2010-0188) are known and fixed in the latest versions of Java and Adobe Reader. The exact method can be changed at any time, however, and such exploit kits typically deliver only attacks tailored specifically to the software on the victim's system.
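For site operators, the two injection points described above (an iframe in the page markup and one written from a JavaScript file) can be checked by flagging any iframe whose source host is not one the site is known to frame. The following is an added example, not code from Emsisoft or NBC; the allowlist, the function names and the sample page and script are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately frames; anything else is reported.
ALLOWED_HOSTS = {"www.example.com", "player.example.com"}

# Finds an iframe tag and its src even when the tag sits inside a JS string.
IFRAME_IN_TEXT = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*\\?[\"']?([^\"'\\\s>]+)", re.I)

# Constructed samples (not the code found on NBC.com).
SAMPLE_PAGE = (
    '<html><body><iframe src="/video/embed"></iframe>'
    '<iframe src="https://player.example.com/v/1"></iframe>'
    '<iframe src="http://injected.example.invalid/a" width="1" height="1"></iframe>'
    '</body></html>'
)
SAMPLE_SCRIPT = """document.write('<iframe src="http://injected.example.invalid/b"></iframe>');"""

def _host_allowed(src):
    host = urlparse(src).hostname
    # Relative URLs carry no host and therefore stay on the site itself.
    return host is None or host.lower() in ALLOWED_HOSTS

class _IframeCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")

def scan_html(markup):
    """Return iframe src values in served HTML that point off the allowlist."""
    collector = _IframeCollector()
    collector.feed(markup)
    return [s for s in collector.sources if not _host_allowed(s)]

def scan_script(source):
    """Return off-allowlist iframe src values embedded in JavaScript text."""
    return [s for s in IFRAME_IN_TEXT.findall(source) if not _host_allowed(s)]

if __name__ == "__main__":
    print("page:", scan_html(SAMPLE_PAGE))
    print("script:", scan_script(SAMPLE_SCRIPT))
```

The check only sees literal iframe tags, so it works best alongside a comparison of deployed files against known-good copies.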

Emsisoft therefore recommends that people refrain from visiting NBC.com and subsidiary websites until further notice and ensure that all programs on their computers are up to date. The security solution Emsisoft Anti-Malware detects all generic infection attempts with the Emsisoft Behavior Blocker. New signatures are currently being created to make cleaning already infected computers possible.

Constantly updated blog entry: http://blog.emsisoft.com/2013/02/21/nbc-website-hacked-distributing-dangerous-citadel-malware-through-exploits/

Information about the Emsisoft Behavior Blocker: http://www.emsisoft.com/en/kb/articles/tec121016

Security guide: http://www.emsisoft.com/en/kb/articles/tec120101/




    ABOUT EMSISOFT

    Emsisoft's ambition is to produce and market the best anti-virus software for personal and commercial users. The rapidly growing company is a leading European supplier of behavioral analysis technology for detecting damaging software such as Viruses, Trojans, Spyware, Keyloggers and other Malware. Over 5 million users worldwide make use of Emsisoft products.

    The company was founded in 2003 by Christian Mairoll, realizing his vision of a virtual company: The 20 company employees are distributed all over the world but work together as if they are sitting together in a real office. Emsisoft was commended with the Austrian "Constantinus" IT prize in 2005 for this innovative business management concept.

    The Emsisoft product range includes the security programs Emsisoft Anti-Malware, Mamutu, Online Armor Firewall, HiJackFree and MalAware.