Blog

NBC.com hacked and serving Citadel Malware

Anomali
February 21, 2013
Table of contents
<p><strong>NBC was owned this morning and serving up malicious javascript.</strong></p><p><img alt="" src="https://cdn.filestackcontent.com/F3IvTYwoRXCcct4TxZfu" style="width: 957px; height: 413px;"/></p><p>Malicious javascript file added to nbc.com this morning is serving up Citadel (Zeus Varient) by exploiting known PDF and Java vulnerabilities.</p><p><strong>Indicators of compromise:</strong></p><p>hxxp://priceworldpublishing.com<br/> hxxp://flying-gators-mac.com<br/> hxxp://clientesporinternet.com<br/> hxxp://finesseindia.com<br/> hxxp://zafood.net<br/> hxxp://fabricaequiposestetica.com<br/> hxxp://gonullersultani.net<br/> hxxp://justyourmessage.com<br/> hxxp://allsystemscorp.com<br/> hxxp://registrosanitarioinvima.com<br/> hxxp://fattjoints.com<br/> hxxp://buubinorthpointestates.com<br/> hxxp://hideshadow.com<br/> hxxp://erabisnis.net<br/> hxxp://datingquotes.net<br/> hxxp://bridalplaces.com<br/> hxxp://moi-npovye-sploett.com/qqqq/1.php<br/> hxxp://priceworldpublishing.com/aynk.html<br/> hxxp://nikweinstein.com/cl/google.php<br/> hxxp://walterjeffers.com/ctuk.html<br/> hxxp://barbecuechickenrecipes.org/ctuk.htm<br/> hxxp://umaiskhan.com/ztuj.html<br/> hxxp://toplineops.com/mtnk.html<br/> hxxp://gonullersultani.net/znzd.htm<br/> hxxp://erabisnis.net/znzd.htm<br/> hxxp://electricianfortwayne.info/62.html<br/> hxxp://moi-npovye-sploett.com/cGeQc0wz1KPI/larktion.php<br/> hxxp://toplineops.com/mtnk.html<br/> hxxp://electricianfortwayne.info/62.html<br/> hxxp://electricianfortwayne.info/987.pdf</p><p><strong>MD5/VT: </strong></p><p><a href="https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/</a></p><p><a href="https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/</a></p><p><a href="http://www.threatstream.com/">THREAT STREAM</a> users are covered via SIEM correlation rules to detect potential compromise from this event.</p>
Anomali

Anomali's AI-Powered Platform brings together security and IT operations and defense capabilities into one proprietary cloud-native big data solution. Anomali's editorial team is comprised of experienced cybersecurity marketers, security and IT subject matter experts, threat researchers, and product managers.

Read more by ANTHONY

Discover More About Anomali

Get the latest news about cybersecurity, threat intelligence, and Anomali's Security and IT Operations platform.

SEe all Resources
BLOG

The Primary Sources of Cyberthreat Intelligence

Cyberthreat intelligence can be gathered from a wide range of sources, broadly categorized into four types: open source, commercial, internal, and community intelligence.

Learn More
BLOG

Building the Ultimate Defense Requires a Balanced Diet of Threat Intelligence

Just as no elite athlete would consider a training diet that consisted of only bread, no top-notch security team should rely on a solitary source of threat intelligence.

Learn More
BLOG

Level Up Security with Unified Threat Intelligence and SIEM

A unified threat intelligence and SIEM platform increases an organization’s level of security maturity by strengthening defenses, reducing risk, and improving overall operational efficiency.

Learn More

Propel your mission with amplified visibility, analytics, and AI.

Learn how Anomali can help you cost-effectively improve your security posture.

schedule a demo
February 21, 2013
-
Anomali
,

NBC.com hacked and serving Citadel Malware

Explore more topics

Anomali
Anomali Copilot
Anomali Cyber Watch
Anomali Security Analytics
Anomali Security Operations Platform
Compliance
Cyber Threat Intelligence
ISAC
IT Operations
Malware
Modern Honey Network
Research
SIEM
SOAR
STAXX
Security Operations
Splunk
Threat Intelligence Platform
ThreatStream
UEBA
Cyber Threat Intelligence