An NBC Universal spokeswoman told Reuters late Thursday that “a problem was identified and has been fixed,” but didn’t offer any details on what exactly happened.
The NBC spokeswoman did say that no NBC.com account information had been compromised, but could not confirm whether any users had been infected as a result of the hacking.
Although there have been reports that the site was compromised for only a few hours, antivirus firm ESET began receiving reports that the site had been infected as early as February 20th at 17:00 CET (8:00 AM PST).
There was a long period of inactivity until 12:00 PM CET on February 21st (3:00 AM PST), which is when reports started flooding in. The cause of the gap is unclear, but it’s possible that the malicious iframe was pointing to a dead link.
The malicious iframes loaded compromised third-party websites housing the RedKit and Styx exploit kits, which would attempt to exploit Java and PDF vulnerabilities to drop a variety of malware.
ESET identified one of the dropped payloads as Win32/TrojanDownloader.Vespula.AY, a Trojan that downloads additional malware, and another as Trojan.JS/Exploit.Agent.NCX. The Citadel banking Trojan and ZeroAccess were said to be among the other pieces of malware dropped in the attack.
ESET users who attempted to visit NBC.com during the attack were denied access by the antivirus to prevent infection. The block on the main NBC website has been lifted now that the site has been cleaned up, but ESET warns that several other related sites may still be infected.
Keep Your PC Safe When Surfing the Web
As you can see, you don’t have to visit a “shady” website in order to have your PC infected with malware. Help keep your computer safe while surfing the web by:
- Always running antivirus/anti-malware software and keeping the virus definitions current. (And pay attention to blocked site warnings!)
- Keeping your operating system and installed third-party software fully patched and up-to-date.
- Removing or disabling Java browser plugins if they're not needed - Java vulnerabilities are often targeted in cyberattacks.
- Exercising caution when clicking shortened or suspicious links and always doing a little research before following them.
- Not downloading or opening files from unknown or untrusted websites (or emails, for that matter).