NBC.com got its 15 minutes of infamy on Feb. 21, when the company’s news portal and sites for other shows hosted a malicious script that attempted to infect visitors’ systems with the ZeroAccess and Citadel botnet software.
Attackers inserted malicious JavaScript into pages on NBC.com as well as the main pages for the Late Night with Jimmy Fallon show and Jay Leno’s Garage show, European anti-malware firm Emsisoft stated in a blog post. The scripts would attempt to exploit a number of known software vulnerabilities in browsers and browser plug-ins.
“Once a user visits one of the affected NBC Websites, the RedKit exploit kit will scan the user’s PC for exploitable versions of various browser plug-ins, like Adobe Acrobat or Java, and send a viable exploit to the unsuspecting user’s browser,” the firm stated.
eWEEK confirmed that Google had blocked some of NBC.com’s pages with its Safe Browsing technology, displaying a warning when users searched for NBC.com. However, the actual compromise of the Website may have lasted only 15 minutes, according to security firm Malwarebytes.
The attack attempted to infect victims with either the Citadel or ZeroAccess Trojans. Citadel has mainly been used by a small cyber-criminal group to steal money from bank accounts, but recently has also been used to steal sensitive information from the networks of local-government offices and corporations.
“The malware, Citadel, is a reproduction of the Zeus banker Trojan and has the same capabilities of stealing financial information from users,” a spokesperson for Malwarebytes said in a statement e-mailed to eWEEK. “In addition, it can execute subsequent malware by installing ransomware on the victim’s system.”
The ZeroAccess Trojan is another program popular with criminals. The botnet, which has infected at least 2 million computers in North America alone, is typically used to fuel a click fraud scheme, which causes infected systems to send clicks to various ad networks to claim an affiliate fee for the criminals.
NBC.com is the second major company to be caught distributing malware this month.
On Feb. 4, major Web properties—from ZDNet to the Guardian UK—began setting off malware alerts after the homepage of their advertising provider, NetSeer, was compromised with malware. While NetSeer claimed that no malware was distributed through its advertising channels, the blacklisting of its homepage by Google’s Safe Browsing caused a warning to pop up for other sites as well.
Only four antivirus programs, out of 46, detected the malware served from NBC.com, according to VirusTotal data cited by Emsisoft. By the evening of Feb. 21, Google no longer blocked NBC.com’s sites.