Thursday, February 21, 2013

Hackers cap off a week of computer insecurity by infecting NBC.com with malware

NBC.com was hacked on Thursday. The site and its entertainment properties were reportedly infected with malware that was redirecting visitors to malicious websites.

Security software developer Malwarebytes identified the malware infecting NBC.com as the Citadel Trojan, which it said it detected as Backdoor.Agent.RS. According to an emailed statement from the security firm,
The NBC web site was compromised for about 15 min and the actual iframe with the malicious redirect was embedded in a javascript file located on the NBC.com web server.

It was using the RedKit exploit kit to spread the malware and exploited both Java and Adobe Reader. The malware, Citadel, is a reproduction of the Zeus banker trojan and has the same capabilities of stealing financial information from users. In addition, it can execute subsequent malware by installing Ransomware on the victim's system.
In the same emailed statement, Malwarebytes' security researcher Dancho Danchev theorized that the group behind the NBC.com hack may be the same hackers behind recent faked Facebook and Verizon emails that direct customers to infected Web pages.

It was another hack in a week full of news about malware, cyberespionage, and hackers. In one instance, Apple said that some of its own once-considered-invulnerable Macs were hacked by the same malware that Facebook last week said had hit its company.

In addition, security firm Mandiant released a report which it said was proof of the efforts by a Chinese military unit to hack into 141 businesses, most of them in the U.S., for financial gain. The investigation was undertaken by the company at the behest of the New York Times, which like the Wall Street Journal, was hacked by the cybercriminals.

That report linked a wave of U.S. corporate hacks to a People's Liberation Army (PLA) cyber-espionage division called Unit 61398.

SmartBargains.com
The Mandiant report brought the word cyberwarfare to the forefront of people's minds. However, although the report was praised by some and drew the attention of many -- Mandiant even appeared on "The Bill Press Show" on Thursday -- some noted that much of the report was not "new news."

Chester Wisniewski, a senior security adviser at Sophos, said that Mandiant's Chinese hacking report was
... impressive in length and girth, but not any other way. There’s nothing groundbreaking in there.
Dmitri Alperovitch, of cybersecurity firm CrowdStrike agreed, saying:
The report itself didn’t highlight any new hacking activity. They did a nice job with attributing it to the P.L.A., but the story’s been beaten to a pulp.
Despite their criticisms, both were ready to heap praise on Mandiant. Wisniewski said,
We all know it’s the Chinese most of the time in this industry, but most of us aren’t willing to stand up in front of the public and say, "It’s the P.L.A.!" It’s brave of them (Mandiant) to come forward.
Alperovitch added,
This is not sour grapes -- they did a nice report and came out with new information. It’s their turn now. They should enjoy it.



No comments: