Security software developer Malwarebytes identified the malware infecting NBC.com as the Citadel Trojan, which it said it detected as Backdoor.Agent.RS. According to an emailed statement from the security firm,
It was using the RedKit exploit kit to spread the malware and exploited both Java and Adobe Reader. The malware, Citadel, is a reproduction of the Zeus banker trojan and has the same capabilities of stealing financial information from users. In addition, it can execute subsequent malware by installing Ransomware on the victim's system.
It was another hack in a week full of news about malware, cyberespionage, and hackers. In one instance, Apple said that some of its own once-considered-invulnerable Macs were hacked by the same malware that Facebook last week said had hit its company.
In addition, security firm Mandiant released a report which it said was proof of the efforts by a Chinese military unit to hack into 141 businesses, most of them in the U.S., for financial gain. The investigation was undertaken by the company at the behest of the New York Times, which like the Wall Street Journal, was hacked by the cybercriminals.
That report linked a wave of U.S. corporate hacks to a People's Liberation Army (PLA) cyber-espionage division called Unit 61398.
Chester Wisniewski, a senior security adviser at Sophos, said that Mandiant's Chinese hacking report was
... impressive in length and girth, but not any other way. There’s nothing groundbreaking in there.Dmitri Alperovitch, of cybersecurity firm CrowdStrike agreed, saying:
The report itself didn’t highlight any new hacking activity. They did a nice job with attributing it to the P.L.A., but the story’s been beaten to a pulp.Despite their criticisms, both were ready to heap praise on Mandiant. Wisniewski said,
We all know it’s the Chinese most of the time in this industry, but most of us aren’t willing to stand up in front of the public and say, "It’s the P.L.A.!" It’s brave of them (Mandiant) to come forward.Alperovitch added,
This is not sour grapes -- they did a nice report and came out with new information. It’s their turn now. They should enjoy it.