Streaming sites operated by the BBC were hacked on Tuesday so they silently served visitors with malware, researchers from security firm Websense said.
An iframe tag on the BBC's 6 Music and 1Xtra websites injected an exploit that was housed on a website with an address ending in cc, a top level domain for the Cocos Islands. The malicious binary was generated by the Phoenix exploit kit, which dates back to 2007 and streamlines malware infections by collecting detailed statistics.
“If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable,” Websense researchers wrote in a blog post.
A VirusTotal scan showed that only nine of the top 43 antivirus products detected the threat.
The discovery continues the trend of using legitimate websites to propagate malware. Who needs to lure marks to fake sites when popular ones are easy to compromise?
Websense didn't say how attackers managed to plant the wayward iframe on the BBC's sites. More often than not, the rogue links are added with the help of SQL injection attacks or, less often, by exploiting compromised passwords. ®