
The hacking continues; NBC websites briefly compromised with RedKit malware


YegorP
  • Retired Webrooter
  • 448 replies
Here we go again....
 
From Apple headquarters computers to the Twitter profiles of big-name corporations, this week has been full of hacks. Today is no different.
 
According to a ZDNet report, around 12PM PST, NBC.com along with a few other NBC websites were compromised and served malware for a few hours due to the RedKit exploit. To serve the malware, RedKit deployed a banking trojan called Citadel, which is a version of the Zeus Trojan.
 
"RedKit was first publicly identified last year in May as an exploit kit that contains an API that generates new host-site URLs every hour. RedKit malware targets vulnerabilities in applications such as Java and Adobe Reader."
 

(Source: Huffingtonpost)

 
The pages have since been swapped and are most likely safe to visit. However, the hackers likely still have access to the sites. The great news for Webroot users? While SecureAnywhere doesn't prevent the exploit itself from working, it targets the payload (Citadel), thus protecting users from this Zeus-variant malware.

10 replies

cohbraz
  • Community Leader
  • 868 replies
  • February 22, 2013
This is the most interest an NBC Network has received in a few years!

RWM
  • Community Leader
  • 276 replies
  • February 22, 2013
Have they identified what these clowns are looking for?  Is it a game?  Is it some kind of prank?  Are they looking for intellectual property and trade secrets?  Are they seeking confidential financial information?  Are they hacking into bank accounts?  Is there a pattern?  Is it one or more groups of perpetrators?
 
Lots of questions here!  😠

cohbraz
  • Community Leader
  • 868 replies
  • February 22, 2013
@ wrote:
Have they identified what these clowns are looking for?  Is it a game?  Is it some kind of prank?  Are they looking for intellectual property and trade secrets?  Are they seeking confidential financial information?  Are they hacking into bank accounts?  Is there a pattern?  Is it one or more groups of perpetrators?
 
Lots of questions here!  :@
They certainly were not looking for quality programming.
 
Maybe they did the opposite: they hacked the site and gave NBC something worth watching.

RompinRaider
  • Popular Voice
  • 365 replies
  • February 22, 2013
Agreed...NBC probably paid to have this done for ratings!

RWM
  • Community Leader
  • 276 replies
  • February 22, 2013
Of course.  They're doing it for ratings...just like Apple and Facebook.  Now, why didn't I think of that?  [no appropriate emoticon]

  • New Voice
  • 19 replies
  • February 23, 2013
Hello...
I am a SecureAnywhere Complete user. I was wondering, when you say, ". . . SecureAnywhere . . . targets the payload (Citadel), thus protecting users from this Zeus-variant malware," could you explain how this is done? Is one of the shields blocking Citadel?
 
Thanks,
Donald 

JimM
  • Retired Webrooter
  • 1581 replies
  • February 23, 2013
@ wrote:
Is one of the shields blocking Citadel?

Actually, a couple of them can do that.  There are rules that operate based on what a file is observed to be doing that will kick in on Unknown files when they are observed to be attempting to perform an action that has been previously determined to be malicious.  This operates heuristically via the Behavior Shield.  Similarly, a pre-determined Bad file would be picked up by the Realtime Shield when it's dropped on your computer or run.
 
Plus, one of the best things about WSA is that even if a new variant somehow manages to slip through the classification process altogether, the Identity Shield would still prohibit the trojan from stealing anything from you.  While the Realtime shield looks for known Bads, and the Behavioral Shield helps turn malicious Unknowns into known Bads, the Identity Shield will prohibit an Unknown from stealing your keystrokes, screenshots, etc.

RWM
  • Community Leader
  • 276 replies
  • February 23, 2013
Just a tad bit off topic, Jim!  😉

RompinRaider
  • Popular Voice
  • 365 replies
  • February 23, 2013
Just a little humor...I'm old school. I enjoyed the day when the media reported the news and didn't promote agendas. Call me old-fashioned. ;)

  • New Voice
  • 19 replies
  • February 23, 2013
JimM…
Thanks for the detailed explanation. I'll "keep my shields up."
 
Don
