NBC site redirecting to Exploit kit

Discussion in 'other security issues & news' started by ronjor, Feb 21, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    https://isc.sans.edu/diary.html
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I had to see for myself, but on my Mac, and got this. :thumb: I don't visit NBC but thanks for the news - warning, ronjor. I use Safari but Google is my search engine.
     

    Last edited: Feb 21, 2013
  3. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    I'm not getting any flags from ESET as of yet.

    Brian Krebs stated via his Facebook page:
    Brian has been contacted via Twitter and other social media that it would appear NBC have taken action although there have been no statements released by NBC.
     
  4. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    httx://www.nbcnews.com/technology/technolog/nbc-com-hacked-say-security-researchers-1C8483074

     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    This is why I think computer users who say they only need to utilize "common sense" when surfing the net are kidding themselves.
    Would common sense have told them to stay away from nbc[.]com today?
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I tend to agree as it only takes that one time for even a reputable site to become compromised. Common sense tells me to check my brakes on my vehicle at certain intervals but it doesn't mean that my brake pads can't crack or glaze over from heat making stopping distance greater.
     
    Last edited: Feb 21, 2013
  7. DrBenGolfing

    DrBenGolfing Registered Member

    Joined:
    Nov 29, 2012
    Posts:
    251
    Location:
    Hometown of Van Cliburn
    Saved by my abhorrence of anything to do with NBC. :D
    Just went there and no redirects--that was on my Chromebook.
     
  8. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Well, at least I know that Mozilla is quick on their toes

    Firefox browser blocked it.

    ffblock.jpg
     
    Last edited: Feb 21, 2013
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
  10. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
  11. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    It appears NBC fixed the problem; the site is no longer blocked.
     
  12. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Agreed. The attackers go wherever they can that gets high exposure. Even if they don't hack a site directly, they do like to get into banner ad networks when they can (and these things happen more than what gets reported; NBC.com is just newsworthy and worth a public warning).
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yeah, Avast said nothing when I went there just now...
     
  14. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    http://www.reuters.com/article/2013/02/21/us-nbc-virus-idUSBRE91K1DQ20130221

     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    At the time you posted, ESET didn't block the website any more as the malicious iframe was already removed.
     
  16. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I agree with you, however that doesn't mean that you shouldn't use common sense when navigating the web. It might not save you every time (that's why you have security software or other security measures installed on your computer), but it helps to greatly reduce the number of attacks.
     
  17. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  18. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yes I agree. Common sense may not actually detect & remove malware but it is one layer of not getting it in the first place. ;)
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I can't even remember the number of times I've said the same thing. Some years back common sense would say to stay away from porn sites. Nowadays, common sense tells me only to visit those. :D (Just kidding... I don't visit such sites. I promise. :ninja: )
     
  20. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
  21. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,540
    Location:
    Triassic
    Big business sites that have a lot of public views and/or interaction on their websites, like NBC, are usually hacked by groups like 'anonymous'. They have stated that all western governments and large corporations will be targets of hacking. The reason is obvious ... it gives them lots of air time to spew their political views. No announcements from them on this one as yet. If NBC finds out the source of the hack, can they keep it under wraps and still meet their mandate to deliver news? It kind of puts them between a rock and a hard place.
     
  22. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    You mean the ESET blacklist had been lifted.
    Article

    Facebook and Google had also temporarily blocked access to the affected sites as well.
     
  23. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    According to VirusTotal and ZeroVulnerabilityLabs, very few AVs were catching this exploit.
     
  24. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    In the Eset article, I notice from the screen shots of the redirected sites, that one exploit is Java, as the code attempts to load a file (probably .jar, but it is blacked out). This requires that Plugins be enabled globally, or the exploit code doesn't run, since, if white-listed per site, the Plugin is not enabled when redirected to a non-white listed site.

    Sans.edu, in its diary that ronjor cited, mentions a PDF exploit. This also would require a potential victim to have Plugins enabled globally.

    The Eset article mentions that other files are downloaded, and its screen shot shows JavaScript code. In a similar fashion, the potential victim would need to have JavaScript enabled globally for that code to execute.


    ----
    rich
     
  25. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Hi Rmus,

    What would likely happen to someone who didn't have Java or a standalone PDF reader installed, but who just used Firefox with its built-in PDF reader and nothing else?
     