February 21, 2013
-
Admin

NBC.com hacked and serving Citadel Malware

Cyber Threat Intelligence
<p><strong>NBC was owned this morning and serving up malicious javascript.</strong></p><p><img alt="" src="https://wwwlegacy.anomali.com/images/uploads/blog/nbc1.png" style="width: 957px; height: 413px;" /></p><p>Malicious javascript file added to nbc.com this morning is serving up Citadel (Zeus Varient) by exploiting known PDF and Java vulnerabilities.</p><p><strong>Indicators of compromise:</strong></p><p>hxxp://priceworldpublishing.com<br /> hxxp://flying-gators-mac.com<br /> hxxp://clientesporinternet.com<br /> hxxp://finesseindia.com<br /> hxxp://zafood.net<br /> hxxp://fabricaequiposestetica.com<br /> hxxp://gonullersultani.net<br /> hxxp://justyourmessage.com<br /> hxxp://allsystemscorp.com<br /> hxxp://registrosanitarioinvima.com<br /> hxxp://fattjoints.com<br /> hxxp://buubinorthpointestates.com<br /> hxxp://hideshadow.com<br /> hxxp://erabisnis.net<br /> hxxp://datingquotes.net<br /> hxxp://bridalplaces.com<br /> hxxp://moi-npovye-sploett.com/qqqq/1.php<br /> hxxp://priceworldpublishing.com/aynk.html<br /> hxxp://nikweinstein.com/cl/google.php<br /> hxxp://walterjeffers.com/ctuk.html<br /> hxxp://barbecuechickenrecipes.org/ctuk.htm<br /> hxxp://umaiskhan.com/ztuj.html<br /> hxxp://toplineops.com/mtnk.html<br /> hxxp://gonullersultani.net/znzd.htm<br /> hxxp://erabisnis.net/znzd.htm<br /> hxxp://electricianfortwayne.info/62.html<br /> hxxp://moi-npovye-sploett.com/cGeQc0wz1KPI/larktion.php<br /> hxxp://toplineops.com/mtnk.html<br /> hxxp://electricianfortwayne.info/62.html<br /> hxxp://electricianfortwayne.info/987.pdf</p><p><strong>MD5/VT: </strong></p><p><a href="https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/</a></p><p><a href="https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/</a></p><p><a href="http://www.threatstream.com/">THREAT STREAM</a> users are covered via SIEM correlation rules to detect potential compromise from this event.</p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.
Subscribe Today

Explore more topics

Anomali
Anomali Cyber Watch
Anomali GPT
Anomali Match
Cyber Threat Intelligence
Malware
Modern Honey Network
Research
SIEM
STAXX
Splunk
Threat Intelligence Platform
ThreatStream
Cyber Threat Intelligence