Skip to main content
All Posts
Cyber Threat Intelligence
1
min read

NBC.com hacked and serving Citadel Malware

NBC.com hacked: JavaScript added this morning serves Citadel (Zeus variant) by exploiting known PDF and Java vulnerabilities; visitors should avoid NBC pages.
Anomali
Published on
February 21, 2013
Table of Contents
<p><strong>NBC was owned this morning and serving up malicious javascript.</strong></p><p><img alt="" src="https://cdn.filestackcontent.com/F3IvTYwoRXCcct4TxZfu" style="width: 957px; height: 413px;"/></p><p>Malicious javascript file added to nbc.com this morning is serving up Citadel (Zeus Varient) by exploiting known PDF and Java vulnerabilities.</p><p><strong>Indicators of compromise:</strong></p><p>hxxp://priceworldpublishing.com<br/> hxxp://flying-gators-mac.com<br/> hxxp://clientesporinternet.com<br/> hxxp://finesseindia.com<br/> hxxp://zafood.net<br/> hxxp://fabricaequiposestetica.com<br/> hxxp://gonullersultani.net<br/> hxxp://justyourmessage.com<br/> hxxp://allsystemscorp.com<br/> hxxp://registrosanitarioinvima.com<br/> hxxp://fattjoints.com<br/> hxxp://buubinorthpointestates.com<br/> hxxp://hideshadow.com<br/> hxxp://erabisnis.net<br/> hxxp://datingquotes.net<br/> hxxp://bridalplaces.com<br/> hxxp://moi-npovye-sploett.com/qqqq/1.php<br/> hxxp://priceworldpublishing.com/aynk.html<br/> hxxp://nikweinstein.com/cl/google.php<br/> hxxp://walterjeffers.com/ctuk.html<br/> hxxp://barbecuechickenrecipes.org/ctuk.htm<br/> hxxp://umaiskhan.com/ztuj.html<br/> hxxp://toplineops.com/mtnk.html<br/> hxxp://gonullersultani.net/znzd.htm<br/> hxxp://erabisnis.net/znzd.htm<br/> hxxp://electricianfortwayne.info/62.html<br/> hxxp://moi-npovye-sploett.com/cGeQc0wz1KPI/larktion.php<br/> hxxp://toplineops.com/mtnk.html<br/> hxxp://electricianfortwayne.info/62.html<br/> hxxp://electricianfortwayne.info/987.pdf</p><p><strong>MD5/VT: </strong></p><p><a href="https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/</a></p><p><a href="https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/</a></p><p><a href="http://www.threatstream.com/">THREAT STREAM</a> users are covered via SIEM correlation rules to detect potential compromise from this event.</p>

FEATURED RESOURCES

April 14, 2026
Anomali Cyber Watch

When Silence Is the Loudest Warning: Iran's Cyber Operations Enter a Dangerous New Phase

Read More
April 14, 2026
Anomali Cyber Watch
Public Sector

When Trust Becomes the Attack Surface: What State Government CISOs Need to Know This Week

Read More
April 13, 2026
Anomali Cyber Watch

Iran’s Cyber War Enters Its Most Dangerous Phase: Active ICS Exploitation, Geographic Expansion, and Two Critical Zero-Days

Read More
Explore All