According to Websense, a company that makes web filtering software, BBC 6 Music and BBC 1Xtra radio had their websites hacked recently. The malicious code is executed when you load the page.
The injected iframe occurs at the foot of the BBC 6 Music Web page, and loads code from a Web site in the .co.cc TLD. The iFrame injected into the Radio 1Xtra Web page leads to the same malicious site. If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable.
The hackers used a utility called the 'Phoenix Exploit Kit' (PEK) to execute their code on unsuspecting users. Only around 20% of anti-virus software tested against this vulnerability actually detected it according to VirusTotal, Kasperksy, NOD32 and Trend Micro were some of the notable software able to detect the virus. Avast, AVG, Microsoft, Sophos and Symantec all failed to detect the virus in tests by VirustTotal.
Though it wasn't stated what the malicious software did to the end users computer it is suspected that this hack was part of a larger attack. There is currently a group attacking vulnerable sites and inserting malicious code around the net.
22 Comments - Add comment