NBC site redirecting to Exploit kit
We became aware that the NBC[.]com website is redirecting to malicious websites that contain an exploit kit.
At this point it seems that most of the pages contain an iframe that redirects to the first stage of the RedKit exploit kit.
Some Twitter users are already pointing out some of these bad pages.
Some of the publicly known bad iframes are:
hxxp://www.jaylenosgarage[.]com/trucks/PHP/google.php
hxxp://toplineops[.]com/mtnk.html
hxxp://jaylenosgarage[.]com
The RedKit exploit kit will deploy the banking trojan Citadel.
We will update this diary when more info becomes available.
---------------------------
Pedro Bueno (pbueno /%%/ isc. sans. org)
Twitter: http://twitter.com/besecure
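
A site owner can check served HTML for the kind of injected iframe described in the diary. The following is an added example, not code from the diary or from ISC: it lists iframes that load from outside the site's own domain, with their line numbers, and flags the ones whose host matches the indicators listed above. The function names, the `ads.example.net` host and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators exactly as listed in the diary (defanged).
DIARY_IOCS = [
    "hxxp://www.jaylenosgarage[.]com/trucks/PHP/google.php",
    "hxxp://toplineops[.]com/mtnk.html",
    "hxxp://jaylenosgarage[.]com",
]

def refang(ioc):
    """Undo hxxp / [.] defanging so the value can be parsed as a URL."""
    return ioc.replace("hxxp", "http", 1).replace("[.]", ".")

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; '' for relative URLs."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class IframeAudit(HTMLParser):
    def __init__(self, site_host, ioc_hosts):
        super().__init__()
        self.site_host, self.ioc_hosts = site_host, ioc_hosts
        self.findings = []  # (line number, src, verdict)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        src = dict(attrs).get("src") or ""
        host = host_of(src)
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return  # relative or same-site frame
        verdict = "known-bad" if host in self.ioc_hosts else "off-site"
        self.findings.append((self.getpos()[0], src, verdict))

def audit(html, site_host, iocs=DIARY_IOCS):
    """List iframes that load from outside site_host, flagging diary indicators."""
    parser = IframeAudit(site_host, {host_of(refang(i)) for i in iocs})
    parser.feed(html)
    return parser.findings

# Constructed sample page, not captured from the affected site.
SAMPLE = "\n".join([
    "<html><body>",
    '<iframe src="/video/player.html"></iframe>',
    '<iframe src="http://ads.example.net/banner"></iframe>',
    '<iframe src="%s"></iframe>' % refang(DIARY_IOCS[1]),
    "</body></html>",
])
```

Calling `audit(SAMPLE, "nbc.com")` returns one `off-site` finding on line 3 and one `known-bad` finding on line 4; an `off-site` result is only a prompt to review the frame, since legitimate third-party content also loads from other domains.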
Comments
hxxp://nikweinstein[.]com/cl/google[.]php
Hoax
Feb 21st 2013
1 decade ago
hxxp://walterjeffers[.]com/ctuk.html
hxxp://serwer-testowy[.]com/ctuk.htm
hxxp://nikweinstein[.]com/cl/google.php
Justin
Feb 21st 2013
1 decade ago
Pedro
Feb 21st 2013
1 decade ago
http://umaiskhan[.]com/ztuj[.]html
And on view-source:http://www.nbc.com/1600-penn/video/at-the-monitors-bruce-campbell-pt-1/n31463/ line 411:
http://nikweinstein[.]com/cl/google[.]php
It's been reported to Google and it appears that the malware warnings are starting to display.
Scurit
Feb 21st 2013
1 decade ago
http://walterjeffers[.]com/ckxi[.]html -301 "http://realestate.msn.com/biggest-billionaire-home-sales-of-the-past-year"
haxtime
Feb 21st 2013
1 decade ago
- http://www.reuters.com/article/2013/02/21/us-nbc-virus-idUSBRE91K1DQ20130221
Feb 21, 2013 4:54pm EST - "... 'A problem was identified and it has been fixed,' an NBC Universal spokeswoman told Reuters. She declined to elaborate on the nature of the problem... NBC is controlled by Comcast Inc..."
Ahem...
PC.Tech
Feb 21st 2013
1 decade ago
Like the cookie rule I mean.
("Accept cookies only from the site I visit")
For example, if I open "isc.sans.edu", this browser session only handles URLs with "isc.sans.edu*".
Rob
Feb 22nd 2013
1 decade ago
That would be nice -- if it would eliminate advertisements on the "top-edge" or "right-edge" of web-pages on some sites, because those advertisements usually originate from some other domain.
Oops! That blows-away the "revenue-model" for web-sites that inject advertisements along with the content that I want to see.. :-)
Melvin
Feb 22nd 2013
1 decade ago
Honey
Feb 22nd 2013
1 decade ago