NBC.com HACKED to spread bank account-raiding Trojan
'No user info compromised' insists US telly network
The website of US TV network NBC was hacked to deliver Java and PDF exploits.
The attack against NBC.com - which hosts entertainment and TV content - used a cybercrime toolkit called Redkit that was ultimately aimed at delivering Citadel, a banking Trojan. NBC acted promptly to cleaned up its promotional site, admitting the problem on NBCNews.com, part of its NBC News Digital group, which it said was not affected by the hack.
"We’ve identified the problem and are working to resolve it. No user information has been compromised," NBC said in a statement.
NBC News Digital credited security researcher Ronald Prins of Fox-IT in the Netherlands with tweeting the first warning about the problem. Prins tweeted a warning against visiting NBC.com yesterday morning, saying it was spreading malware. ®
NBC.com.. so popular in the states that the first person to notice the malware... was in the netherlands...
RedKit Exploit Kit ..
To deliver the malware, RedKit exploits two popular bugs:
1.) The Adobe Acrobat and Reader LibTIFF vulnerability (CVE-2010-0188).
2.) The Java AtomicReferenceArray vulnerability (CVE-2012-0507), lately used by the criminals behind the massive Flashback infection.
Nothing to see here move along
No children were in danger, there was never a threat of radiation leakage, no need to evacuate the Internet...