The website NBC.com and other NBC websites were hacked and compromised by malware for a few hours around Thursday 12pm PST with RedKit malware.
The primary website for NBC, NBC.com, was breached by hackers and for a few hours visitors may have fallen victim to RedKit malware - a "drive by download" - if they visited or viewed the site.
Update February 21, 1:46pm: According to SUCURI a number of NBC websites were hacked. and the websites were serving malware for a few hours after they reported it to NBC - not minutes, as previously reported - and tens of thousands of people may be affected.
Right now the pages have been swapped with clean pages, meaning the new pages are currently safe to visit but that the attackers likely still have access to NBC and its websites.
NBC has acknowledged the attack and site compromise.
ZDNet urges readers to use caution when visiting the website and to pay attention to any virus or malware alerts they might receive if they vist NBC.com websites.
NBC released the following statement to NBC News after ZDNet reached out for comment:
We’ve identified the problem and are working to resolve it. No user information has been compromised.
For around fifteen minutes at noon PST, NBC.com redirected all visitors to the RedKit exploit kit - specifically, most of NBC's pages contained an iFrame that redirected to the first stage of the RedKit malware.
According to SUCURIblog, in addition to NBC.com other NBC sites were compromised including Late Night with Jimmy Fallon, Jay Leno's Garage "and others."
RedKit infection starts when a user visits a compromised website, which contains the link to a RedKit landing page.
The RedKit exploit kit deploys a banking trojan called Citadel, a version of the Zeus trojan. Citadel typically steals user banking credentials, but as recently as October has been shown to also steal intellectual property.
As of this writing, Google results now show the issue has been resolved, while fifteen minutes prior showed warnings of the compromise and indicated that the website is not safe to visit.