Malware has been reportedly inserted into the stream pages for two of BBC‘s less popular radio channels.
According to The Register (quoting WebSense), the exploit in question allows what is called “drive by downloads“, that is to say that the malware can download itself to anyone simply browsing the page without prompting the user or asking consent.
VirusTotal were reporting yesterday that only 9 AntiVirus solutions out of 43 were detecting the malware. 15 hours later, today, and that number had only increased to 12.
This appears to be quite a poor response.
The AV that do currently detect the malware are:
AhnLab-V3 Trojan/Win32.CSon Emsisoft Trojan.Win32.Oficla!IK Ikarus Trojan.Win32.Oficla Kaspersky IM-Worm.Win32.Yahos.su NOD32 a variant of Win32/Kryptik.KRH Panda Suspicious file PCTools Trojan.Bredolab Prevx Medium Risk Malware Semantic Trojan.Bredolab TrendMicro TROJ_SPYEYE.SMEP TrendMicro-HouseCall TROJ_SPYEYE.SMEP VIPRE FraudTool.Win32.AVSoft (v)
No statement yet from the BBC and more importantly no indication that the “injected frame” has been removed.
The Register (BBC DriveBy Download) 16/02/2011
WebSense (BBC – 6 Music and 1xtra Web site Injected With Malicious iFrame ) 16/02/2011
Net Security (Malware News) 16/02/2011
ZD Net 16/02/2011
– Posted using BlogPress from my iPhone