NBC Hack Leads to Bank-Fraud Malware

US news station NBC fell victim yesterday to cyber-criminals who managed to inject malicious code leading to financial malware delivered via exploit code.

Malware warning in Chrome when visiting the NBC website

The attack was carried via a malicious iframe injected in the home page of the website. The iframe was used to load malicious content from compromised websites where attackers had planted the Redkit exploit pack ” a crimeware kit that probes the visitor`s browser for vulnerabilities in third-party components such as Java and Adobe Reader. If a vulnerable version is found, the exploit kit redirects the user to a Java applet or an infected PDF file that, once opened, silently installs the Citadel banker Trojan.

It`s unclear how many people were affected, but; judging by the traffic rank of the website, chances are it claimed quite a few victims. Fortunately, attackers lost many potential victims as the compromised websites hosting the Redkit exploit pack gave up under the unexpected load.

“We`ve identified the problem and are working to resolve it. No user information has been compromised,” NBC said in a statement.

If you visited nbc.com website, run a 60-second QuickScan to see whether you got infected. If you have used e-banking services and noticed that the bank website asked for unusual information, contact the bank immediately.