• Welcome to BGO! We know you will have questions as you become familiar with the software. Please take a moment to read our New BGO User Guide which will give you a great start. If you have questions, post them in the Feedback and Tech Support Forum, or feel free to message any available Staff Member.

nbc.com hacked

Happy hour starts in 5 minutes

tshile

Guest

I originally posted about this in the tech advice thread as a one off, but upon further review this is a much more serious issue.

http://hitmanpro.wordpress.com/2013/02/21/nbc-com-hacked-serving-up-citadel-malware/

If you visited NBC.com today then you need to make sure you run a virus scanner and check your computer. NBC was notified about this over 2 1/2 hours ago (as of my posting) and the site is still handing out malicious files - NBC is obviously having some serious problems.

One of the pieces of malware being distributed is a Trojan known for being focused around stealing banking information. This is a very successful Trojan.

I would not assume going to a different NBC site means you weren't put at risk, right now not much is known about how bad the attack/infection is.

Any questions please feel free to ask. HitManPro is a very, very good antivirus scanner so if you feel like you want something to check in adition to whatever else you use, feel free to try that with confidence.

If you're not using antivirus - shame on you. Catch up to modern society and get one, there are plenty of free, quality ones available.

If you're on a mac and don't think this applies to you then shame on you as this relates to java vulnerabilities that Apple recently admitted compromised computers inside their own corporate headquarters.
 

tshile

Guest
At this point we don't know Mike. NBC is too busy tweeting their show lineup instead of fixing the problem.

I would not visit anything NBC related until this is confirmed to be fixed. That includes CNBC, MSNBC, et al.
 

Dead Money

, Mike Wise HATE'r
Joined
Jul 25, 2009
Messages
4,799
Reaction score
5
Points
68


I was gonna post this earlier today and it escaped me...

http://www.usatoday.com/story/tech/2013/02/21/advanced-volatile-threat-malicious-software-pc-intrusions/1933975/

SEATTLE — Security researchers are keeping a wary eye on malicious programs circulating on the Internet designed to carry out invasive tasks in a computer's random access memory, or RAM, then disappear without a trace.

"We are seeing very sophisticated code that resides in the RAM of a computer that traditional (defensive) software has no chance of detecting," says Bob Gourley, chief technology officer of tech consultancy CTOvision.com.

In the past year, roughly 10% of the malicious code isolated by security firm Triumfant operated exclusively in RAM. That's worrisome because the current approach to defending corporate networks is built around detecting and disabling malicious programs after a hacker embeds them on the hard drives of PCs and servers.

Triumfant CEO John Prisco refers to RAM-based attacks as "advanced volatile threats." Such attacks require high expertise to pull off, and so far have been comparatively rare. But they could get more usage by elite hacking groups as organizations get better at defending traditional attacks, security researchers say.

"What we're seeing more often these days is attackers compromising a user's laptop without having to install any software," says Carl Livitt, a researcher at security consultancy Stach & Liu. "Once the payload is deployed, it can bury itself in RAM, hide from users, hide from anti-virus, hide from system administrators, and act as a staging point from which other attacks can be launched."

The emergence of AVTs comes at a time when corporations and government agencies are just starting to publicly acknowledge the onslaught of network intrusions that has steadily accelerated over the past decade.

"Cybercriminals are always looking for new ways to attack," says Pravin Kothari, CEO of encryption firm CipherCloud. "Organizations need to be proactive in identifying these new threats and correspondingly adopt new technologies to protect their sensitive information."

But even as companies and governments are starting to share intelligence and collaborate on beefing up network defenses, the best and brightest of the bad guys have begun honing the next generation of even more insidious attacks.

In one caper, documented by Kaspersky Lab, the hackers corrupted advertisements appearing on two popular Russian news sites. Anyone using a Windows PC to visit either of the sites got an infection that activated only in RAM, thus evading detection from Windows security mechanisms.

The malicious program got wiped out the instant the browser was shut down. But in the hours the browser was enabled, the infection remained active in RAM, giving the attacker full control to embed other malicious programs on the machine. A subsequent Windows security update now prevents a repeat of that specific attack.

Even so, security experts are concerned that AVT attacks could represent the next generation of malicious software deployed by data thieves and cyber spies on the cutting edge.

"It's worrisome going forward because if there is no way to detect these things as the infection is occurring the question then becomes, 'What else are they going to do next?,'" says A.N. Ananth, CEO of security firm EventTracker. "The fear is that this will be a doorway to something we're not entirely sure of."

Jody Westby, CEO of security consultancy Global Cyber Risk, says organizations under attack will have to ante up to keep up.

According to Gartner, global spending on security equipment and software is in the midst of a multi-year run of 8.9% annual growth – rising to $85.8 billion in 2016 from $56 billion in 2011.

"These new threats are going to drive home the point that having antivirus software, good firewalls and patches implemented are just not enough," Westby says. "New services to detect, counter, and mitigate these threats will become a necessity."
 

tshile

Guest
List of banking institutions the malware was geared to steal login information for has been posted:
•Wells Fargo
•USAA
•Citibank
•Bank of America
•TD Ameritrade
•Suntrust
•Navy Federal Credit Union
•Citizensbank Online
•Fifth Third Bank
•PNC
•Chase
•Schwab
•American Express
 

Nobody

Super Bowl MVP
Joined
Apr 1, 2011
Messages
9,474
Reaction score
0
Points
0
Location
Virginia Beach, VA

Army

****, we use NFCU. Any way to find out if your stuff got compromised? Was it only from people who went on NBC sites? Does it include msn.com (my homepage)?
 

tshile

Guest
****, we use NFCU. Any way to find out if your stuff got compromised? Was it only from people who went on NBC sites? Does it include msn.com (my homepage)?
I haven't checked since this morning, but as far as I know NBC hasn't released anything on the infection (which is utter bull****, they're a terrible company for doing that), so I can't help you with that :(

Run hitmanpro. Apparently at the time of the compromise only 3 scanners were capable of picking up the virus, hitmanpro was one of them. I don't know what the other two are. That's about the best advice I can give you right now :(

You can also wait a week and whatever virus scanner you have will likely be updated to catch it.
 

Nobody

Super Bowl MVP
Joined
Apr 1, 2011
Messages
9,474
Reaction score
0
Points
0
Location
Virginia Beach, VA

Army

Sweet, thanks. I've been hearing a lot about Hitman Pro, I guess I should go ahead and buy it. Right now I use SuperAntiSpyware, MalwareBytes, and Spybot, but it never hurts to have all your bases covered.
 

tshile

Guest
oh they have a free scanner you can use. I've never used their paid for scanner and didn't mean to endorse that. I don't even know what it costs lol.
 

Ax

Guest
Will microsoft essentials catch it?

I'm running a full scan right now.
 

fansince62

Guest
couple small points.

so...the level of technical excellence from tschille, hof, big mike is incredible. they know their stuff.

due to my own quirks I'd like to expand on one line of approach: malware is a class term that covers a whole bucket load of malicious software types. viruses are just one subtype of malicious software. AV tools can catch a lot of stuff, but they aren't built to catch everything. they can be evaded - rather easily at times. so don't rest comfortable. secondly, and I know others on this board disagree, I advocate running more than one AV tool. because of how these tools are designed and sustained...and because of the math of shaping attacks designed to overcome signature based approaches...no one tool is going to be comprehensive.
 

fansince62

Guest
Very true, bro. Thanks for the compliment.

I use AVG anti virus and malwarebytes in a combination to get everything. One always gets it. And you can never be too protected.
Posted via BGO Mobile Device
bingo!

a root core of many problems is identity management and related authentication/authorization technologies. so long as we consumers are stuck w/simple password systems....it's an uphill struggle.

btw...if anyone is really nervous about prying eyes...encrypt your persistent data (using a good technology and smart key management). you can also download free SSH implementations (quality varies) that can provide you some extra transport security as well as mux'ing.

me? I keep multiple PCs and place the important stuff on a CPU that has no external interfaces - tat's what old PCs/laptops are destined for! I still assume some risk when engaged in on-line purchases, but accept the risk.

be very careful how you manage your browsers...plugins/3rd party stuff is an invitation for disaster. once again...I do it also...just understand the risks you assume for any course of action you follow.

Java anyone?!!!!!!!!
 
Last edited by a moderator:

HOF44

The Starter
Joined
Jul 15, 2009
Messages
1,002
Reaction score
0
Points
0


I think it's great to have multiple malware solutions to scan and remove. I just usually only have one live monitoring. If you have multiples doing real time detection it bogs down your system.

I use this with Firefox too, I really like it. http://noscript.net/
 

fansince62

Guest
I think it's great to have multiple malware solutions to scan and remove. I just usually only have one live monitoring. If you have multiples doing real time detection it bogs down your system.

I use this with Firefox too, I really like it. http://noscript.net/
agree.

I don't have em all running in the background. also...corporate/providers ought to be running some anti-malware "stuff" off a boundary tap....and some application layer appliances (e.g., e-mail attachment & content checkers).
 

Users Who Are Viewing This Thread (Total: 1, Members: 0, Guests: 1)

Private conversations
Help Users
As we enjoy today's conversations, let's remember our dear friend 'Docsandy', Sandy Zier-Teitler, who would dearly love to be here with us today! We love and miss you Sandy ❤
    Top