
BBC 6Music and 1Xtra streams hacked

Malware has reportedly[1] been inserted into the stream pages for two of the BBC's less popular radio channels.


According to The Register (quoting WebSense[2]), the exploit in question allows what are called "drive-by downloads": the malware can download itself to the machine of anyone simply browsing the page, without prompting the user or asking for consent.
VirusTotal were reporting yesterday that only 9 AntiVirus solutions out of 43[3] were detecting the malware. Today, 15 hours later, that number had increased only to 12[4].
This appears to be quite a poor response.
The AV products that currently detect the malware are:

AhnLab-V3             Trojan/Win32.CSon
Emsisoft              Trojan.Win32.Oficla!IK
Ikarus                Trojan.Win32.Oficla
Kaspersky             IM-Worm.Win32.Yahos.su
NOD32                 a variant of Win32/Kryptik.KRH
Panda                 Suspicious file
PCTools               Trojan.Bredolab
Prevx                 Medium Risk Malware
Symantec              Trojan.Bredolab
TrendMicro            TROJ_SPYEYE.SMEP
TrendMicro-HouseCall  TROJ_SPYEYE.SMEP
VIPRE                 FraudTool.Win32.AVSoft (v)

There is no statement yet from the BBC and, more importantly, no indication that the "injected frame" has been removed.

Other reports on the same incident include Net Security[5] and ZD Net[6].


References
[1] The Register (BBC DriveBy Download) 16/02/2011
[2] WebSense (BBC – 6 Music and 1xtra Web site Injected With Malicious iFrame) 16/02/2011
[3] VirusTotal 15/02/2011
[4] VirusTotal 16/02/2011
[5] Net Security (Malware News) 16/02/2011
[6] ZD Net 16/02/2011


About harlekwinblog

"Thoughts of an idle mind." Information Security professional.

Discussion

One thought on “BBC 6Music and 1Xtra streams hacked”

  1. Just received this reply from 6Music:
    Hi
    The problem was resolved yesterday, shortly after it was reported.
    The sites are both secure and safe to visit again now.
    Best wishes
    6 Music Team

    Posted by harlekwinblog | 2011/02/16, 6:46 pm
