Thursday, February 17, 2011

6Music and 1Xtra hacked, apparently

According to Websense, the 6Music and 1Xtra websites have somehow become injected with malicious code:

The injected iframe occurs at the foot of the BBC 6 Music Web page, and loads code from a Web site in the .co.cc TLD. The iFrame injected into the Radio 1Xtra Web page leads to the same malicious site.

If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable.

The payload is delivered to the end user only once, with the initial visit being logged by the malware authors.

The code that is delivered to end users utilizes exploits delivered by the Phoenix exploit kit. A malicious binary is ultimately delivered to the end user. The VirusTotal detection of this file is currently around 20%.
I think the takeaway message from this is: it could happen to anyone. Do take care online.


No comments:

Post a Comment

As a general rule, posts will only be deleted if they reek of spam.