wasc-whid@lists.webappsec.org

WASC Web Hacking Incidents Database

WHID 2011-43: BBC music websites get hacked

WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 1:04 PM

*Entry Title:* WHID 2011-43: BBC music websites get hacked
*WHID ID:* 2011-43
*Date Occurred:* February 16, 2011
*Attack Method:* Unknown
*Application Weakness:* Improper Output Handling
*Outcome:* Planting of Malware
*Attacked Entity Field:* Entertainment
*Attacked Entity Geography:* UK
*Incident Description:* THE BBC'S MUSIC WEBSITES have been hacked to stream
malware using drive-by downloads for anyone browsing the infected webpages.
Hackers set the drive-by malware up at the BBC's 6 Music website and the BBC
1Xtra radio station website. Researchers at the insecurity outfit Websense
found the exploits and put its report up on its security labs blog.
"The BBC - 6 Music Web site has been injected with a malicious iframe, as
have areas of the BBC 1Xtra radio station Web site," an anonymous Websense
insecurity researcher wrote.
Websense claims the injected iframe is at the bottom of the BBC 6 Music
webpage and has been set up to automatically download some dodgy code from a
.cc website. Apparently the hack is exactly the same on the BBC's 1Xtra
website.
*Mass Attack:* No
*Reference:*
http://www.theinquirer.net/inquirer/news/2026766/bbc-music-websites-hacked
*Attack Source Geography:*