The NBC.com security scare that resulted in Facebook temporarily blacklisting them appears to be resolved now. Yahoo! reports that Yesterday afternoon security experts began posting warnings to avoid the site, saying had been compromised and was infected with several types of malware. Facebook promptly blocked the site, warning users who clicked on links to it in their newsfeeds that it had been reported as abusive.
The malware, known Citadel and ZeroAccess, are Trojans that are used to commit banking fraud, cyber espionage, and other crimes. It’s not known exactly how NBC.com was infected, but, in most cases, sites are compromised via drive by SQL injection attacks or Java exploits. The attack on NBC.com used an injection attack to insert a malicious iFrame that redirected visitors to sites that tried to infect them too. The attack was hidden in a javascript file on NBC.com. A spokesperson for NBC said the attack was noticed quickly and the site was compromised for less than half an hour. No data was stolen, and it’s not known if any visitors to the site were infected.
According to PCMag.com , NBC.com’s security scare was also noticed by Google. Their Chrome browser also blacklisted the site for a short time. Visitors that did get infected may find themselves ridden with ransomware. Ransomware locks down a computer with a message that says the owner must pay a fee to get their files back. Usually, the message contains a dire warning designed to scare the owner into complying. Recently, that warning has contained images of child abuse and a fake FBI seal informing the owner that illegal content was found on their computer and they must pay a “fine” to get their access back.
Have you come across a compromised site? Did you get infected or dodge the bullet?