[WASC-WHID] WHID 2011-43: BBC music websites get hacked

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:04:50 EDT 2011


*Entry Title: *WHID 2011-43: BBC music websites get hacked
*WHID ID: *2011-43
*Date Occurred: *February 16, 2011
*Attack Method: *Unknown
*Application Weakness: *Improper Output Handling
*Outcome: *Planting of Malware
*Attacked Entity Field: *Entertainment
*Attacked Entity Geography: *UK
*Incident Description: *THE BBC'S MUSIC WEBSITES have been hacked to stream
malware using drive-by downloads for anyone browsing the infected webpages.
Hackers set the drive-by malware up at the BBC's 6 Music website and the BBC
1Xtra radio station website. Researchers at the insecurity outfit Websense
found the exploits and put its report up on its security labs blog.
"The BBC - 6 Music Web site has been injected with a malicious iframe, as
have areas of the BBC 1Xtra radio station Web site," an anonymous Websense
insecurity researcher wrote.
Websense claims the injected iframe is at the bottom of the BBC 6 Music
webpage and has been set up to automatically download some dodgy code from a
.cc website. Apparently the hack is exactly the same on the BBC's 1Xtra
website.
*Mass Attack: *No
*Reference: *
http://www.theinquirer.net/inquirer/news/2026766/bbc-music-websites-hacked
*Attack Source Geography:*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110425/189c167d/attachment-0003.html>


More information about the wasc-whid mailing list