NBC.com hacked, briefly compromised with RedKit malware

Summary: The website NBC.com and other NBC websites were hacked and compromised by RedKit malware for a few hours Thursday around noon PST. UPDATED.

TOPICS: Security, Malware

The website NBC.com and other NBC websites were hacked and compromised with RedKit malware for a few hours around 12pm PST on Thursday.


The primary website for NBC, NBC.com, was breached by hackers and for a few hours visitors may have fallen victim to RedKit malware - a "drive by download" - if they visited or viewed the site.

Update February 21, 1:46pm: According to SUCURI, a number of NBC websites were hacked, and the websites were serving malware for a few hours after they reported it to NBC - not minutes, as previously reported - and tens of thousands of people may be affected.

Dutch firm Fox IT was first to report the issue and has posted a detailed analysis of the attack, including a list of banks the malware exploits.

Right now the pages have been swapped with clean pages, meaning the new pages are currently safe to visit but that the attackers likely still have access to NBC and its websites.

NBC has acknowledged the attack and site compromise.

ZDNet urges readers to use caution when visiting the website and to pay attention to any virus or malware alerts they might receive if they visit NBC.com websites.

NBC released the following statement to NBC News after ZDNet reached out for comment:

We’ve identified the problem and are working to resolve it. No user information has been compromised.

For around fifteen minutes at noon PST, NBC.com redirected all visitors to the RedKit exploit kit - specifically, most of NBC's pages contained an iFrame that redirected to the first stage of the RedKit malware.

According to the Internet Storm Center, an internet security monitor and alert system, NBC redirected users to:

Some of the bad iframes publicly known are:

hxxp://www.jaylenosgarage[.]com/trucks/PHP/google.php

hxxp://toplineops[.]com/mtnk.html

hxxp://jaylenosgarage[.]com

The malware was on the default NBC.com page and on http://www.nbc.com/assets/core/js/s_wrapper.js - which served site visitors JavaScript and .PDF exploits.
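For site operators, one way to catch the kind of injected iframe described above is to audit served HTML for frame and script sources outside the site's own hosts. The following is an added example, not code from ZDNet, NBC or any of the cited analyses; the allowlist contents, the sample page and the `injected.example` host are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts this site legitimately frames or loads scripts from.
FIRST_PARTY = {"nbc.com", "www.nbc.com"}

class FrameAudit(HTMLParser):
    """Collect iframe/script sources whose host is not on the allowlist."""
    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline script or empty frame: nothing to resolve
        # Relative URLs have no hostname and are treated as first-party.
        host = (urlparse(src).hostname or "").lower()
        if host and host not in self.allowed:
            style = (a.get("style") or "").replace(" ", "").lower()
            # Tiny or hidden frames are a common trait of injected redirects.
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            self.findings.append(
                {"tag": tag, "host": host, "src": src, "hidden": hidden})

def audit(html, allowed=FIRST_PARTY):
    """Return a list of off-site frame/script references found in html."""
    parser = FrameAudit(allowed)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one first-party script, one injected hidden
# iframe pointing at a placeholder host, one relative first-party frame.
SAMPLE = """<html><body>
<script src="http://www.nbc.com/assets/core/js/s_wrapper.js"></script>
<IFRAME SRC="http://injected.example/landing.html" width="1" height="1"></IFRAME>
<iframe src="/video/player.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An allowlist check like this does not notice a first-party file whose contents were altered, as with `s_wrapper.js` here; that case needs comparison against a known-good copy or hash of the file.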

According to SUCURIblog, in addition to NBC.com other NBC sites were compromised including Late Night with Jimmy Fallon, Jay Leno's Garage "and others."

RedKit infection starts when a user visits a compromised website, which contains the link to a RedKit landing page.

The RedKit exploit kit deploys a banking trojan called Citadel, a version of the Zeus trojan. Citadel typically steals user banking credentials, but as recently as October has been shown to also steal intellectual property.

As of this writing, Google results now show the issue has been resolved, while fifteen minutes prior showed warnings of the compromise and indicated that the website is not safe to visit.

Facebook, however, seems to still be preventing users from linking to NBC.com.

RedKit was first publicly identified last year in May as an exploit kit that contains an API that generates new host-site URLs every hour.

RedKit malware targets vulnerabilities in applications such as Java and Adobe Reader.

According to ThreatPost, Arseny Levin of Spiderlabs named the malware RedKit because of its color scheme.

RedKit’s most salient feature is the API that creates a fresh attack URL every hour. This feature will make it incredibly difficult to reliably block RedKit infected sites.

The kit also has a feature that allows its users to upload an executable and test it against 37 different antivirus solutions.

Malware is a malicious computer program that installs on the victim's computer without user consent and executes functions in the background.

The National Broadcasting Corporation website NBC.com is an American website for information about its prime time, day time and late night television shows.

No hacking group or individual has been identified as the culprit at this time.

ZDNet will update this post with details as new information is made available.


Talkback

6 comments
  • This shows problems with the China accusations

    It's been long established that Redkit and Citadel are Russian-made and are high quality enough to be sold on the cyber black market like any other very high priced, industry specific software (including even a "Terms of Service.") The Citadel trojan was originally designed to attack financial institutions, but reports from just a few weeks ago show that the latest versions of Citadel are being successfully used against commercial and government targets to gather ID's that can be used for a variety of purposes (including being sold to the higher bidders.)

    The level of malware and hacking sophistication here is a magnitude higher than anything shown in that recent Mandiant report blaming China. I wouldn't put it past China to be in that little bidding process, but that's a whole different thing from being the actual hackers.
    JustCallMeBC
  • cnbc.com

    Crazy that this happened today. I got an email from a buddy's account that led to a cnbc.com looking web page for a work from home scam that dropped a virus when the link opened. I sent the link to cnbc and got a thank you back.
    charlieg1
  • OK Something is wrong here.....

    Who would want to hack NBC? They came in 5th in the February sweeps behind Univision network! The TV show Do No Harm was pulled after 2 episodes as it accumulated the lowest in-season ratings in [recent] history.
    I'm hoping whoever tried to break in wasn't stealing any secrets about new TV shows coming up!
    Gisabun
    • Re: OK Something is wrong here.....

      It makes perfect sense to me to hack NBC. Who's the most unknowledgeable, unprotected demographic on the Internet? Seniors (okay, not all of them but a lot of them). Who has the most money, the most unwarranted trust, and are the most gullible to scams? Again, seniors (okay, not all of them, again, but a lot of them).

      Now, here's your final question? What demographic watches Jay Leno?

      Now, do you see why NBC got hacked?
      Rexxrally
  • Scary...

    This story kills the assumption that a web site run by a reputable company is automatically "safe".

    On this one, my guess is at least a few heads will roll at NBC's website and IT departments. Hopefully it will serve as a wake-up call to other companies to upgrade their security in order to guard against a repeat of an event like this.
    g-man_863
    • securitycroc

      Indeed. With the increase of cyberthreats and more complex malware/attacks, it's important for companies and individuals to stay secure.
      Securitycroc