The Register® — Biting the hand that feeds IT

Feeds

NBC.com HACKED to spread bank account-raiding Trojan

'No user info compromised' insists US telly network

By John Leyden, 22nd February 2013
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

The website of US TV network ‪NBC‬ was hacked to deliver Java and PDF exploits.

The attack against NBC.com - which hosts entertainment and TV content - used a cybercrime toolkit called Redkit that was ultimately aimed at delivering Citadel, a banking Trojan. NBC acted promptly to cleaned up its promotional site, admitting the problem on NBCNews.com, part of its NBC News Digital group, which it said was not affected by the hack.

It's unclear how many people were affected. An analysis of the attack by security consultancy Fox-IT can be found here. A blog post by anti-virus firm Eset can be found here.

"We’ve identified the problem and are working to resolve it. No user information has been compromised," NBC said in a statement.

NBC News Digital credited security researcher Ronald Prins of Fox-IT in the Netherlands with tweeting the first warning about the problem. Prins tweeted a warning against visiting NBC.com yesterday morning, saying it was spreading malware. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (10)
Highly Rated
Darkone

NBC.com.. so popular in the states that the first person to notice the malware... was in the netherlands...

4
0
dgharmon

RedKit Exploit Kit ..

To deliver the malware, RedKit exploits two popular bugs:

1.) The Adobe Acrobat and Reader LibTIFF vulnerability (CVE-2010-0188).

2.) The Java AtomicReferenceArray vulnerability (CVE-2012-0507), lately used by the criminals behind the massive Flashback infection.

1
0
TXITMAN
Reply Icon

Nothing to see here move along

No children were in danger, there was never a threat of radiation leakage, no need to evacuate the Internet...

1
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Internet fraud still stings suckers
Australians twice as gullible as Americans
35