BBC radio websites were hacked this week, with an iframe injected into their pages.
According to Websense, the injected iframe sat at the foot of both the Radio 1Xtra and BBC 6 Music web pages and loaded code from a website in the .co.cc top-level domain. Websense claimed that an unprotected user who browsed to the site would be faced with a drive-by download.
Carl Leonard, security research manager at Websense Security Labs, said: “When someone like the BBC gets infected by a malicious link, the potential for many innocent people to be affected by malware is huge. Modern threats target places where they will find good traffic, which is why we found that 80 per cent of the malicious sites we saw last year were actually legitimate sites that had been compromised.”
Paul Vlissidis, technical director at NGS Secure, said: “This attack reinforces the need for companies to ensure that their externally facing web presence complies with the most rigorous of security measures – particularly for such a national institution as the BBC.
“This attack is believed to be part of a more wide-scale campaign, and businesses and organisations in general should ensure that their systems are robust enough to avoid hackers compromising their sites and infecting their listeners, clients or customers.
“The news that many of the leading brands of anti-virus software failed to register the malware also highlights weaknesses in many users' IT security protocols. The Phoenix Exploit Kit that was used to create the malware has been in existence since 2007, yet only 12 of the 43 anti-virus brands detected it.”
Ed Rowley, senior product manager at M86 Security, said: “This just confirms the trend that malware is increasingly being injected into legitimate websites. It is worrying that less than a third of the main anti-virus vendors were able to protect customers against this exploit, particularly as the Phoenix exploit kit has been available to cyber criminals for some time.
“However, using real-time analysis technology that looks at the behaviour of code, rather than its signature, organisations can protect their networks and users against these types of exploits, without slowing down their employees' browsing times.”