BBC confirms sites were hacked to serve malware
The BBC has confirmed that BBC Radio's 6Music and 1Xtra sites were hacked to serve malware. In a statement to The H, a BBC spokesperson said, "We can confirm that the 1xtra and 6Music websites were hacked yesterday. The issue was quickly dealt with, and the sites are now back to normal. We're currently investigating what happened".
The BBC will, presumably, be trying to establish how code was added to the home pages of both radio stations which included an iframe tag which downloaded an exploit to systems from a .cc domain; the Phoenix Exploit's Kit had been used to create the malicious binary.
Although the kit dates back to 2007, according to Websense only 9 of the 43 virus checkers used by VirusTotal were detecting it. That number has only marginally improved with a later report showing 12 out of 43 detecting the malware. Websense say it believes the hack is part of a current campaign of targetted mass-injection attacks.