The Latest in IT Security compromise


Earlier today the main website of NBC and some of their show websites (such as were compromised to serve malicious content to users. The malicious content was inserted as a one-line iframe tag on one of the JavaScripts that gets loaded every time a user visits the page:

This one line of code forces the web browser of every visiting user to download content from the walterjeffers site that in turn redirected the user to two other sites to eventually use an exploit kit to automatically install a malicious file onto the computer. During the few hours the attack was active we saw several different URLs being used by the attackers. See the screenshot below for the sequence of events as recorded by our replay system that we have in the labs.




Two vulnerabilities were used to compromise the user’s computer. In the above example we can see a PDF file but the exploit will also try Java vulnerabilities. If either is successful, a malicious binary from the Citadel family is installed on the machine. This family of malware is a so called banking trojan which is designed to help the cyber criminals steal money from online banking accounts. While the file has very bad coverage from anti-virus solutions according to VirusTotal, our ThreatScope technology was able to see it as suspicious and provide a lot of additional details about the behavior of the file. See here for the full report. Websense customers were proactively protected against the exploit code attack by our real-time analytics specifically designed to prevent exploit kits.



NBC has since confirmed that their site has been cleaned up and it's again safe to visit.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments