WTOP & FedNewsRadio Websites Hacked & Punting Fake AV

May 7, 2013

Well this hits pretty close to home… According to technology firm Invincea, the websites for DC-based WTOP and FederalNewsRadio were compromised and have been exploiting Java and Adobe browser add-ons to distribute fake antivirus software. The website for tech pundit John Dvorak was affected as well. Thanks to @thomashoffecker for pointing this out to us.

The Invincea post contains a very detailed analysis of the malware in action as well as several detection signatures (i.e., Snort, Mandiant IOC, NetWitness rules). We’re unsure if the sites are still infected, but it’s better to be safe than sorry and avoid them for now.

via Invincea.com

On the evening of May 6th, it was reported that wtop[.] and federalnewsradio[.] were compromised and redirecting user traffic to an Exploit Kit serving the same FakeAV malware variant that was affecting visitors to dvorak[.]org over the weekend. We had visited the Dvorak site and conducted a thorough analysis of the infection and were preparing to blog about the same when this discovery was made. WTOP is the largest radio station in the Washington DC metropolitan area by market share and is an all-news radio station. FederalNewsRadio is a sister news station targeted to reach the Federal workforce. Dvorak is a tech blogger/pundit. All three sites are known to have been compromised to infect their visitors with browser-based exploits of third party plug-ins including Java and Adobe. In the case of WTOP, the potential risk is a large number of their visitors may get compromised. In the case of FederalNewsRadio, the target audience is the Federal employee; therefore compromising FederalNewsRadio[.] is effectively setting a watering hole attack site for Federal employees. These are all media sites that we know to have been compromised over the last several days. This is likely an indicator of a larger more widespread attack against online media sites.

Continued here.

#####

Today’s post pic is from HubbardRadio.com. See ya!


6 Responses to WTOP & FedNewsRadio Websites Hacked & Punting Fake AV

  1. Nathi Thwala (@Nathiet) on May 7, 2013 at 1:14 am

    #NoVABlogger WTOP & FedNewsRadio Websites Hacked & Punting Fake AV http://t.co/DXkzxXOFTm

  2. Packetknife Too (@PacketknifeToo) on May 7, 2013 at 1:44 am

    WTOP & FedNewsRadio Websites Hacked & Punting Fake AV http://t.co/Ea3vJT0IFR

  3. Thomas Dyer (@thomasedyer) on May 7, 2013 at 2:12 am

    WTOP & FedNewsRadio Websites Hacked & Punting Fake AV http://t.co/T677l3t0Qn #infosec

  4. Dale Halterman (@CyberSecMatters) on May 7, 2013 at 2:42 am

    Well this hits pretty close to home… According to technology firm Invincea, the websites for DC-based WTOP and… http://t.co/VmrIuUlweG

  5. @RalphBroom on May 7, 2013 at 8:04 am

    Watering hole attack on WTOP & FedNewsRadio https://t.co/yICjm5geJ0

  6. diba zinsen on September 5, 2013 at 5:38 pm

    My brother suggested I might like this website. He was entirely right.
    This post actually made my day. You can’t imagine just how much time I had spent for this information!
    Thanks!



About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.