Free Republic
News/Activism


www.nbc[.]com Contains a Malicious iframe
Microsoft email | 21 Feb 2013 | Microsoft ISAC

Posted on 02/22/2013 8:55:11 AM PST by MeganC

MS-ISAC CYBER ALERT
DATE ISSUED: February 21, 2013
SUBJECT: www.nbc[.]com Contains a Malicious iframe

MS-ISAC received reports and independently confirmed that the website www.nbc[.]com contains a malicious iframe which includes links to the following URLs:

• flying-gators-mac[.]com/mtnk.htm • finesseindia[.]com/mtnk.htm • toplineops[.]com/mtnk.html • nikweinstein[.]com/cl/google.php • moi-npovye-sploett[.]com/qqqq/1.php • walterjeffers[.]com • symptomshighbloodpressure[.]org • store.thermosolutionsinternational[.]com/ctuk.html

Please note that there may be additional domains included in the rotation. Once any of the above domains are visited, the Redkit exploit kit is leveraged to exploit a number of vulnerabilities to install Citadel malware onto the victim system. You may recall that the Redkit exploit kit uses Java archive files (.jar) with random digits as the file name (i.e. 323.jar, 4567.jar). Analyzing proxy logs for URLs involving this pattern may assist in identifying compromised systems.

The MS-ISAC has identified that the malware attempts to communicate with the following Command & Control (C&C) IP address and URL:

• 184.82.177[.]125/tr2012/file.php

It should be noted that the version of the Citadel malware involved in this incident is not detected by any Anti-Virus program at this time and that additional C&C domains may be in use by this campaign.

RECOMMENDATIONS:

We recommend the following actions be taken:

• Block www.nbc[.]com at your perimeter firewall until it is confirmed that the site is cleaned
• Block 184.82.177[.]125 at your perimeter firewall
• Search all available logs and identify any traffic destined to the reported C&C IP addresses.
  o If traffic is identified, quarantine and clean the systems before putting them back on the network.


TOPICS: News/Current Events; Technical
KEYWORDS: lol; malware; nbc; virus
From an email forwarded to me by a friend at a state government agency in California.
1 posted on 02/22/2013 8:55:52 AM PST by MeganC
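
As an added example (not part of the MS-ISAC alert or of the original post), the log search the alert recommends could look like the sketch below. The proxy log layout, the `.example` hosts and the 10.0.0.x clients are constructed assumptions; the C&C address and the digits-only .jar pattern come from the alert.

```python
import re
from urllib.parse import urlsplit

# Indicator from the alert, kept defanged in source and refanged for matching.
C2_IP = "184.82.177[.]125".replace("[.]", ".")

# Redkit pattern from the alert: a .jar whose file name is digits only (323.jar, 4567.jar).
NUMERIC_JAR = re.compile(r"/\d+\.jar$", re.IGNORECASE)

# Constructed sample proxy log (assumed layout: time client method url status).
# Hosts under .example and the 10.0.0.x clients are made up for this example.
SAMPLE_LOG = f"""\
2013-02-21T14:02:11Z 10.0.0.15 GET http://landing.example/323.jar 200
2013-02-21T14:02:13Z 10.0.0.15 POST http://{C2_IP}/tr2012/file.php 200
2013-02-21T14:05:40Z 10.0.0.22 GET http://repo.example/lib/commons-io-2.4.jar 200
2013-02-21T14:06:02Z 10.0.0.31 GET http://cdn.example/4567.JAR?x=1 200
2013-02-21T14:07:19Z 10.0.0.40 GET http://news.example/index.html 200
truncated line
"""

def classify(line):
    """Return (client, reason, url) for a suspicious line, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None  # skip lines that do not match the assumed layout
    _, client, _, url, _ = parts
    u = urlsplit(url)
    if u.hostname == C2_IP:
        return (client, "c2-ip", url)
    if NUMERIC_JAR.search(u.path):  # match on the path so a query string cannot hide it
        return (client, "numeric-jar", url)
    return None

def triage(log_text):
    """Group hit reasons by client so hosts showing both indicators stand out."""
    hits = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            hits.setdefault(hit[0], set()).add(hit[1])
    return hits

if __name__ == "__main__":
    for client, reasons in sorted(triage(SAMPLE_LOG).items()):
        # Both indicators on one client: numeric .jar fetch plus C&C contact.
        priority = "HIGH" if reasons == {"c2-ip", "numeric-jar"} else "review"
        print(client, sorted(reasons), priority)
```

A digits-only .jar name on its own is a weak signal, so clients flagged only for that reason are marked for review rather than quarantine.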

To: MeganC

There seem to be some websites out there that take forever to load. The NBC website sticks in mind as one of them, and one I don’t ever bother to go to anymore.

Side note: All the facebook, twitter linking seems to really slow down page load time. Is it only me? I just want to read the page and have it load quickly.


2 posted on 02/22/2013 9:01:45 AM PST by gunsequalfreedom (Conservative is not a label of convenience. It is a guide to your actions.)

To: MeganC

Help me out here. Is this stuff getting through my Kaspersky security software? I was getting a funny message when I clicked on Breitbart. Is this likely to be a similar type of attack?


3 posted on 02/22/2013 9:04:16 AM PST by bjc (Check the data!!)

To: gunsequalfreedom

I put all those garbage sites like facebook.com, twitter.com and hundreds more in my hosts file. With that and adblock, scriptblock and flashblock in the browser, things go fast everywhere.


4 posted on 02/22/2013 9:07:38 AM PST by soycd

To: MeganC
We recommend the following actions be taken: • Block www...

Any suspect web sites that could be compromised should be blocked. This includes www.whitehouse.gov.

Apparently, there are sharia-inclined operatives involved at high levels.

5 posted on 02/22/2013 9:13:22 AM PST by C210N (When people fear government there is tyranny; when government fears people there is liberty)

To: bjc

I really don’t know. What I do know is that lots of sites are slow for me anymore but then others load up really fast so I know it’s not my computer that is the problem.


6 posted on 02/22/2013 9:14:15 AM PST by MeganC (Liberals fool people by walking upright.)

mark


7 posted on 02/22/2013 9:22:55 AM PST by lysie

To: MeganC

And you thought all of NBC’s malware was contained in its prime-time lineup...


8 posted on 02/22/2013 9:23:31 AM PST by Buckeye McFrog

To: MeganC

That’s okay. Nobody ever goes there except whacko lefties..........


9 posted on 02/22/2013 9:30:09 AM PST by Red Badger (Lincoln freed the slaves. Obama just got them ALL back......................)

To: MeganC
Freerepublic takes a long time to load for me. I may not have enough horsepower.
10 posted on 02/22/2013 10:41:06 AM PST by tayper (Granny told me, Saying it don't make it so)

To: MeganC
Why are you warning the morons who visit that site?
I would welcome timely warnings about sites Freepers are likely to visit.

Progressive Obamabots deserve all the grief they can get.

11 posted on 02/22/2013 1:56:08 PM PST by publius911 (Look for the Union label, then buy something else.)

To: publius911

“Why are you warning...”

Because some FReepers are responsible for the security of their networks and this could be useful information for them. Also, many conservative sites link through to NBC.com and those links pose a security threat to my fellow FReepers.


12 posted on 02/22/2013 2:19:31 PM PST by MeganC (Liberals fool people by walking upright.)

To: soycd
put all those garbage sites like facebook.com, twitter.com and hundreds more in my hosts file. With that and adblock, scriptblock and flashblock in the browser thing go fast everywhere

wow, thanks. I shall take care of that.

13 posted on 02/22/2013 5:41:53 PM PST by gunsequalfreedom (Conservative is not a label of convenience. It is a guide to your actions.)
