nbc.com hacked

tshile

Guest
I originally posted about this in the tech advice thread as a one off, but upon further review this is a much more serious issue.

http://hitmanpro.wordpress.com/2013/02/21/nbc-com-hacked-serving-up-citadel-malware/

If you visited NBC.com today then you need to make sure you run a virus scanner and check your computer. NBC was notified about this over 2 1/2 hours ago (as of my posting) and the site is still handing out malicious files - NBC is obviously having some serious problems.

One of the pieces of malware being distributed is a Trojan known for being focused around stealing banking information. This is a very successful Trojan.

I would not assume going to a different NBC site means you weren't put at risk, right now not much is known about how bad the attack/infection is.

Any questions please feel free to ask. HitManPro is a very, very good antivirus scanner so if you feel like you want something to check in addition to whatever else you use, feel free to try that with confidence.

If you're not using antivirus - shame on you. Catch up to modern society and get one, there are plenty of free, quality ones available.

If you're on a Mac and don't think this applies to you then shame on you as this relates to Java vulnerabilities that Apple recently admitted compromised computers inside their own corporate headquarters.
 
At this point we don't know, Mike. NBC is too busy tweeting their show lineup instead of fixing the problem.

I would not visit anything NBC related until this is confirmed to be fixed. That includes CNBC, MSNBC, et al.
 
I was gonna post this earlier today and it escaped me...

http://www.usatoday.com/story/tech/2013/02/21/advanced-volatile-threat-malicious-software-pc-intrusions/1933975/

SEATTLE — Security researchers are keeping a wary eye on malicious programs circulating on the Internet designed to carry out invasive tasks in a computer's random access memory, or RAM, then disappear without a trace.

"We are seeing very sophisticated code that resides in the RAM of a computer that traditional (defensive) software has no chance of detecting," says Bob Gourley, chief technology officer of tech consultancy CTOvision.com.

In the past year, roughly 10% of the malicious code isolated by security firm Triumfant operated exclusively in RAM. That's worrisome because the current approach to defending corporate networks is built around detecting and disabling malicious programs after a hacker embeds them on the hard drives of PCs and servers.

Triumfant CEO John Prisco refers to RAM-based attacks as "advanced volatile threats." Such attacks require high expertise to pull off, and so far have been comparatively rare. But they could get more usage by elite hacking groups as organizations get better at defending traditional attacks, security researchers say.

"What we're seeing more often these days is attackers compromising a user's laptop without having to install any software," says Carl Livitt, a researcher at security consultancy Stach & Liu. "Once the payload is deployed, it can bury itself in RAM, hide from users, hide from anti-virus, hide from system administrators, and act as a staging point from which other attacks can be launched."

The emergence of AVTs comes at a time when corporations and government agencies are just starting to publicly acknowledge the onslaught of network intrusions that has steadily accelerated over the past decade.

"Cybercriminals are always looking for new ways to attack," says Pravin Kothari, CEO of encryption firm CipherCloud. "Organizations need to be proactive in identifying these new threats and correspondingly adopt new technologies to protect their sensitive information."

But even as companies and governments are starting to share intelligence and collaborate on beefing up network defenses, the best and brightest of the bad guys have begun honing the next generation of even more insidious attacks.

In one caper, documented by Kaspersky Lab, the hackers corrupted advertisements appearing on two popular Russian news sites. Anyone using a Windows PC to visit either of the sites got an infection that activated only in RAM, thus evading detection from Windows security mechanisms.

The malicious program got wiped out the instant the browser was shut down. But in the hours the browser was enabled, the infection remained active in RAM, giving the attacker full control to embed other malicious programs on the machine. A subsequent Windows security update now prevents a repeat of that specific attack.

Even so, security experts are concerned that AVT attacks could represent the next generation of malicious software deployed by data thieves and cyber spies on the cutting edge.

"It's worrisome going forward because if there is no way to detect these things as the infection is occurring the question then becomes, 'What else are they going to do next?,'" says A.N. Ananth, CEO of security firm EventTracker. "The fear is that this will be a doorway to something we're not entirely sure of."

Jody Westby, CEO of security consultancy Global Cyber Risk, says organizations under attack will have to ante up to keep up.

According to Gartner, global spending on security equipment and software is in the midst of a multi-year run of 8.9% annual growth – rising to $85.8 billion in 2016 from $56 billion in 2011.

"These new threats are going to drive home the point that having antivirus software, good firewalls and patches implemented are just not enough," Westby says. "New services to detect, counter, and mitigate these threats will become a necessity."
 
List of banking institutions the malware was geared to steal login information for has been posted:
• Wells Fargo
• USAA
• Citibank
• Bank of America
• TD Ameritrade
• Suntrust
• Navy Federal Credit Union
• Citizensbank Online
• Fifth Third Bank
• PNC
• Chase
• Schwab
• American Express
 
****, we use NFCU. Any way to find out if your stuff got compromised? Was it only from people who went on NBC sites? Does it include msn.com (my homepage)?
 
I haven't checked since this morning, but as far as I know NBC hasn't released anything on the infection (which is utter bull****, they're a terrible company for doing that), so I can't help you with that :(

Run hitmanpro. Apparently at the time of the compromise only 3 scanners were capable of picking up the virus, hitmanpro was one of them. I don't know what the other two are. That's about the best advice I can give you right now :(

You can also wait a week and whatever virus scanner you have will likely be updated to catch it.
 
Sweet, thanks. I've been hearing a lot about Hitman Pro, I guess I should go ahead and buy it. Right now I use SuperAntiSpyware, MalwareBytes, and Spybot, but it never hurts to have all your bases covered.
 
oh they have a free scanner you can use. I've never used their paid for scanner and didn't mean to endorse that. I don't even know what it costs lol.
 
Will microsoft essentials catch it?

I'm running a full scan right now.
 
couple small points.

so...the level of technical excellence from tschille, hof, big mike is incredible. they know their stuff.

due to my own quirks I'd like to expand on one line of approach: malware is a class term that covers a whole bucket load of malicious software types. viruses are just one subtype of malicious software. AV tools can catch a lot of stuff, but they aren't built to catch everything. they can be evaded - rather easily at times. so don't rest comfortable. secondly, and I know others on this board disagree, I advocate running more than one AV tool. because of how these tools are designed and sustained...and because of the math of shaping attacks designed to overcome signature based approaches...no one tool is going to be comprehensive.
 
Very true, bro. Thanks for the compliment.

I use AVG anti virus and malwarebytes in a combination to get everything. One always gets it. And you can never be too protected.

bingo!

a root core of many problems is identity management and related authentication/authorization technologies. so long as we consumers are stuck w/simple password systems....it's an uphill struggle.

btw...if anyone is really nervous about prying eyes...encrypt your persistent data (using a good technology and smart key management). you can also download free SSH implementations (quality varies) that can provide you some extra transport security as well as mux'ing.

me? I keep multiple PCs and place the important stuff on a CPU that has no external interfaces - that's what old PCs/laptops are destined for! I still assume some risk when engaged in on-line purchases, but accept the risk.

be very careful how you manage your browsers...plugins/3rd party stuff is an invitation for disaster. once again...I do it also...just understand the risks you assume for any course of action you follow.

Java anyone?!!!!!!!!
 
I think it's great to have multiple malware solutions to scan and remove. I just usually only have one live monitoring. If you have multiples doing real time detection it bogs down your system.

I use this with Firefox too, I really like it. http://noscript.net/
 
agree.

I don't have em all running in the background. also...corporate/providers ought to be running some anti-malware "stuff" off a boundary tap....and some application layer appliances (e.g., e-mail attachment & content checkers).
 
