NBC.com website links to exploit kit spreading Citadel malware targeting US financials, picked up by only 3/46 on Virustotal
For five hours on Thursday visitors to NBC.com were infected by a virus known to target personal financial information, according to a cyber security team based out of the Netherlands that detected the virus.
“We noticed one of our clients visited NBC.com and got infected with malware,” explained Joost Bijl of the company, Fox-IT, which provides security for government agencies and financial institutions.
A spokesperson for NBC said only, “We are still investigating the problem.”
“The hack is gone now,” Bijl said. “It started at quarter to 5pm CET [Central European Time]. That’s early in the morning [in the U.S.], so it’s a good time to start exploiting people, because that’s when they get to their desks and start looking for news.” Similar viruses have compromised the Wall Street Journal’s and the New York Times’ websites in the past.
The hack lasted five hours, during which time, Bijl said, Citadel malware infected computers that had outdated versions of Java and/or Adobe PDF reader. Citadel is a “pretty common” malware that targets the visitor’s personal financial information.
“The Citadel malware mainly manipulates and inserts traffic to online banking sites,” Bijl said. “So, if you visit the website for Bank of America and you look at your balance, the malware adds another transaction to what you are doing.”
(A longer explanation can be found on Fox-IT’s website: “Once injected, the botnet crawls through files to seek and capture personal information, including online banking credentials. Variants of Citadel can automatically insert bank transfers and credit card payments.”)
While NBC.com was still distributing the malware, Fox-IT’s CEO, Ronald Prins, tweeted:
Virustotal.com, Bijl explained, is a website that uses multiple programs to scan a virus: “It gives a good idea of the detection rate of virus scanners.”
The fact that the virus was picked up by only 3 out of 46 scanners — Fortinet, Panda and Rising, for the curious — means that it was very effective at eluding detection.
There may be good news for vigilant updaters who may have visited NBC.com today: “If you have the most updated software then you are probably not vulnerable,” Bijl said. He added that the attack was geared toward computers running Windows, so Apple users are probably in the clear too.
To avoid being a victim in the future, Bijl advised keeping software current. “Always update your software. You should use the latest version of software especially Java or Adobe PDF, which have been a lot in the news lately.” (Virus writers have been favoring Java and Adobe PDF, Bijl said, “because everyone has that software on their computer.”)