cancel
Showing results for 
Search instead for 
Did you mean: 
McAfee Employee

NBC site attacked - using suspicious iframe as attack vector

Hey All,

Apparently the NBC site has been attacked and some malcious code has been placed on their web page.

More information can be found here:

http://www.zdnet.com/nbc-com-hacked-briefly-compromised-with-redkit-malware-7000011636/

and here:

http://blog.sucuri.net/2013/02/nbc-website-hacked-be-careful-surfing.html

There is a malicious iframe that is being used as the attack vector. The URLs that I found on the site (within the iframe) were categorized by trustedsource by the time I got to them.

I was however able to create a rule in MWG to remove iframes for sites in a given list, see screenshot below. Please keep in mind using the HTML opener can be a performance hit. This rule may need to be refined for production use and may produce false positives:

nbc_2013-02-21_174655.png

Just thought I'd share in case someone else read the news.

Stay safe!

Best,

Jon

3 Replies
McAfee Employee

Re: NBC site attacked - using suspicious iframe as attack vector

As of right now I think the code may have been taken down. The site I was testing with is no longer exibiting the behavior.

Best,

Jon

fschulte
Level 10

Re: NBC site attacked - using suspicious iframe as attack vector

Thx, Jon, for the solution and for the update!

0 Kudos
btlyric
Level 12

Re: NBC site attacked - using suspicious iframe as attack vector

Not just nbc.com.

Also a bunch of *.msn.com sites and at least one *.foxsports.com site.

0 Kudos