The iframe, on both the BBC 6 music and 1Xtra webpages, is
loading code from a malicious website from the .co.cc TLD. As the malware is
being pushed through drive-by downloads, just browsing the page is enough for
an unprotected or inadequately protected user to become infected with a
Visitors are being logged by the authors and the payload is
being delivered to the end user only once. The Phoenix
exploit kit provided the exploits being used to deliver the code.
a service that analyzes suspicious files and URLs, reports that detection rate
of this file is currently at 20%.
This particular attack appears to be part of a
mass-injection campaign targeting vulnerable sites.