The websites of the BBC’s 6 music and 1Xtra radio stations
have been injected with a malicious iframe and are redirecting users to a site
serving up malware according to a Websense report Tuesday.
The iframe, on both the BBC 6 music and 1Xtra webpages, is
loading code from a malicious website from the .co.cc TLD. As the malware is
being pushed through drive-by downloads, just browsing the page is enough for
an unprotected or inadequately protected user to become infected with a
malicious executable.
Visitors are being logged by the authors and the payload is
being delivered to the end user only once. The Phoenix
exploit kit provided the exploits being used to deliver the code.
VirusTotal,
a service that analyzes suspicious files and URLs, reports that detection rate
of this file is currently at 20%.
This particular attack appears to be part of a
mass-injection campaign targeting vulnerable sites.
