February 21, 2013
-
Admin

NBC.com hacked and serving Citadel Malware

<p><strong>NBC was owned this morning and serving up malicious JavaScript.</strong></p>
<p><img alt="" src="https://wwwlegacy.anomali.com/images/uploads/blog/nbc1.png" style="width: 957px; height: 413px;" /></p>
<p>A malicious JavaScript file added to nbc.com this morning is serving up Citadel (a Zeus variant) by exploiting known PDF and Java vulnerabilities.</p>
<p><strong>Indicators of compromise:</strong></p>
<p><strong>MD5/VT: </strong></p>
<p><a href="https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/</a></p>
<p><a href="https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/</a></p>
<p><a href="http://www.threatstream.com/">THREAT STREAM</a> users are covered via SIEM correlation rules to detect potential compromise from this event.</p>
