Yesterday WTOP finally posted an article on what happened when attackers popped their websites early last week. Titled “WTOP and Federal News Radio Websites Back After Cyber Attack” the post gives the all-clear and summarizes their efforts to clean up everything. They even called in Mandiant… Still, they recommend caution and provided several steps (see FAQs near bottom) to ensure your computer is malware free.
For those that missed it … Invincea reported that attackers compromised both WTOP.com and FederalNewsRadio.com and configured the sites to serve up malware that exploited Java and Adobe browser add-ons to distribute fake antivirus software. The infection started sometime on May 5th and lasted through the 7th however only affected IE8 users.
The news websites, WTOP.com and FederalNewsRadio.com, are accessible to all Internet users following resolution of a cyberattack against the websites. Users accessing the websites from all web browsers, including Internet Explorer, have full access to both websites.
“Getting the websites back up and running safely for all users has been our top priority,” said Joel Oxley, Senior Vice President and General Manager of WTOP and Federal News Radio. “We take our users’ privacy very seriously, and we have taken steps to prevent similar occurrences. We apologize to our user community for any inconvenience that this incident has caused.”
WTOP.com and FederalNewsRadio.com were victims of cyberattacks last week. When the attacks were discovered, an investigation was launched immediately, the malicious code was removed, additional security measures were installed, and federal law enforcement officials were notified of the incident.
Access to the websites from Internet Explorer web browsers was blocked to allow for a careful examination of how site security was compromised and after the initial review, which suggested the hackers may have targeted Internet Explorer users.
Full access to the websites was restored on Saturday evening, May 11, 2013, after a review of site security and implementation of recommendations to fix the vulnerabilities the attacker exploited to gain access to the websites. The review was conducted and recommendations were made by Mandiant, an internationally recognized cybersecurity consulting firm.
“We have found and eliminated the vulnerabilities that were exploited,” said John Spaulding, the Washington, D.C. Director of Information Systems for Hubbard Radio, the parent company of WTOP and Federal News Radio.
Computers infected with the malware may display a pop-up message indicating that the computer is infected with a virus. This pop-up message may be fake if it prompts the user to click on a link, which takes them to a website that is not recognized by the user. This fake website offers security software for sale and prompts users to provide personal information, including credit card numbers. Users should not provide information, if prompted to do so.
Computers with up-to-date anti-virus programs and security software should identify the malware and provide instructions on how to delete or quarantine it.
Out of an abundance of caution, WTOP.com and Federal News Radio users who accessed the websites from any web browser during the cyberattack, which occurred approximately from May 5 to May 7, are encouraged to update and run their security software and perform a malware scan on their computer. (See below for more information on how to run a malware scan.)
In addition, the passwords for all registered users and users who receive breaking news, daily headline or other emails from both websites have been reset. These users have been contacted directly, informed of the need to reset their passwords the next time they visit the websites, and encouraged to change their passwords on other websites where they use the same password.
“During the cyberattack, it is possible the database of WTOP.com and FederalNewsRadio.com email users may have been compromised. However, we have no evidence that any log-in information was actually acquired by the hackers,” said Spaulding.
Neither WTOP.com nor FederalNewsRadio.com collect or store Social Security numbers or credit card information.
WTOP.com and FederalNewsRadio.com are reaching out to all users, via email messages and through social media, to make them aware of the situation. More information on how to detect malware on a computer can be found below.
Today’s post pic is from HubbardRadio.com. See ya!