NBC site redirecting to Exploit kit
Published: 2013-02-21
Last Updated: 2013-02-21 19:36:19 UTC
by Pedro Bueno (Version: 1)
9 comment(s)
Last Updated: 2013-02-21 19:36:19 UTC
by Pedro Bueno (Version: 1)
We became aware that the NBC[.]com website is redirecting to malicious websites that contains exploitkit.
At this point it seems like most of the pages contains an iframe that is redirecting to the first stage of the RedKit exploit kit.
Some twitter users are already poiting out some of these bad pages.
Some of bad iframes public known are:
hxxp://www.jaylenosgarage[.]com/trucks/PHP/google.php
hxxp://toplineops[.]com/mtnk.html
hxxp://jaylenosgarage[.]com
The Redkit exploit kit will deploy the banking trojan Citadel.
We will update this diary when more info become available.
---------------------------
Pedro Bueno (pbueno /%%/ isc. sans. org)
Twitter: http://twitter.com/besecure
