3 Replies Latest reply: Feb 22, 2013 7:03 AM by btlyric RSS

    NBC site attacked - using suspicious iframe as attack vector

    Jon Scholten

      Hey All,


      Apparently the NBC site has been attacked and some malcious code has been placed on their web page.


      More information can be found here:

      http://www.zdnet.com/nbc-com-hacked-briefly-compromised-with-redkit-malware-7000 011636/

      and here:



      There is a malicious iframe that is being used as the attack vector. The URLs that I found on the site (within the iframe) were categorized by trustedsource by the time I got to them.


      I was however able to create a rule in MWG to remove iframes for sites in a given list, see screenshot below. Please keep in mind using the HTML opener can be a performance hit. This rule may need to be refined for production use and may produce false positives:




      Just thought I'd share in case someone else read the news.


      Stay safe!