NBC.com hacked, briefly compromised with RedKit malware

The website NBC.com and other NBC websites were hacked and compromised with RedKit malware for a few hours Thursday around noon PST. UPDATED.
Written by Violet Blue, Contributor

The website NBC.com and other NBC websites were hacked and compromised by malware for a few hours around Thursday 12pm PST with RedKit malware.


The primary website for NBC, NBC.com, was breached by hackers and for a few hours visitors may have fallen victim to RedKit malware - a "drive by download" - if they visited or viewed the site.

Update February 21, 1:46pm: According to SUCURI, a number of NBC websites were hacked, and the websites were serving malware for a few hours after they reported it to NBC - not minutes, as previously reported - and tens of thousands of people may be affected.

Dutch firm Fox IT was first to report the issue and has posted a detailed analysis of the attack including a list of banks the malware exploits.

Right now the pages have been swapped with clean pages, meaning the new pages are currently safe to visit but that the attackers likely still have access to NBC and its websites.

NBC has acknowledged the attack and site compromise.

ZDNet urges readers to use caution when visiting the website and to pay attention to any virus or malware alerts they might receive if they visit NBC.com websites.

NBC released the following statement to NBC News after ZDNet reached out for comment:

We’ve identified the problem and are working to resolve it. No user information has been compromised.

For around fifteen minutes at noon PST, NBC.com redirected all visitors to the RedKit exploit kit - specifically, most of NBC's pages contained an iFrame that redirected to the first stage of the RedKit malware.

According to the Internet Storm Center, an internet security monitor and alert system, NBC redirected users to:

Some of the publicly known bad iframes are:




The malware was on the default NBC.com page and on http://www.nbc.com/assets/core/js/s_wrapper.js - which served site visitors JavaScript and .PDF exploits.
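For site operators, an injected iframe like the one described above, whether placed in a page or written out by a script file, is something a routine content audit can catch. The following is an added example, not code from this article or from any of the firms it cites; the allowlist, the `injected.example` host and both samples are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site is expected to embed (constructed allowlist).
ALLOWED_HOSTS = {"nbc.com", "www.nbc.com"}
# Matches iframe tags in HTML and inside JavaScript string literals alike.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)

def is_hidden(attrs):
    """True when the frame is sized or styled so a visitor never sees it."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = any((attrs.get(k) or "").strip() in {"0", "1"} for k in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style

class IframeAudit(HTMLParser):
    """Record every iframe whose src resolves to a host outside the allowlist."""
    def __init__(self, allowed):
        super().__init__()
        self.allowed, self.findings = allowed, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = (urlparse(a.get("src") or "").hostname or "").lower()
        # Relative URLs have no host and are treated as first-party.
        if tag == "iframe" and host and host not in self.allowed:
            self.findings.append({"src": a["src"], "host": host, "hidden": is_hidden(a)})

def audit(content, allowed=ALLOWED_HOSTS):
    """Return off-allowlist iframes found in an HTML page or a JS asset."""
    parser = IframeAudit(allowed)
    for tag in IFRAME_RE.findall(content):
        # JS assets carry the tag inside a quoted string; undo the escaping,
        # then close the element so each tag parses independently.
        parser.feed(tag.replace('\\"', '"').replace("\\'", "'") + "</iframe>")
    parser.close()
    return parser.findings

# Constructed samples: one legitimate frame, one injected frame, one JS injection.
SAMPLE_HTML = """<html><body>
<iframe src="http://www.nbc.com/video/player.html" width="640" height="360"></iframe>
<iframe src="http://injected.example/landing.html" style="visibility: hidden"></iframe>
</body></html>"""
SAMPLE_JS = r'''document.write("<iframe src=\"http://injected.example/gate.html\" width=\"1\" height=\"1\"></iframe>");'''

if __name__ == "__main__":
    for name, body in (("page", SAMPLE_HTML), ("script", SAMPLE_JS)):
        for hit in audit(body):
            print(name, hit)
```

Run against every served page and script asset after each deploy; any finding that is both off-allowlist and hidden deserves immediate review.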

According to SUCURIblog, in addition to NBC.com, other NBC sites were compromised, including Late Night with Jimmy Fallon, Jay Leno's Garage "and others."

RedKit infection starts when a user visits a compromised website, which contains the link to a RedKit landing page.

The RedKit exploit kit deploys a banking trojan called Citadel, a version of the Zeus trojan. Citadel typically steals user banking credentials, but as recently as October has been shown to also steal intellectual property.

As of this writing, Google results show the issue has been resolved; fifteen minutes prior, they showed warnings of the compromise and indicated that the website was not safe to visit.

Facebook, however, seems to still be preventing users from linking to NBC.com.

RedKit was first publicly identified last year in May as an exploit kit that contains an API that generates new host-site URLs every hour.

RedKit malware targets vulnerabilities in applications such as Java and Adobe Reader.

According to ThreatPost, Arseny Levin of Spiderlabs named the malware RedKit because of its color scheme.

RedKit’s most salient feature is the API that creates a fresh attack URL every hour. This feature will make it incredibly difficult to reliably block RedKit infected sites.

The kit also has a feature that allows its users to upload an executable and test it against 37 different antivirus solutions.

Malware is a malicious computer program that installs on the victim's computer without user consent and executes functions in the background.

The National Broadcasting Corporation website NBC.com is an American website for information about its prime time, day time and late night television shows.

No hacking group or individual has been identified as the culprit at this time.

ZDNet will update this post with details as new information is made available.
