The US-CERT National Cyber Awareness System sent out a notification yesterday and revised it today, May 21st, entitled “TA13-141A: Washington, DC Radio Station Web Site Compromises”.
The document outlines that on May 16th US-CERT was informed that two websites, www.federalnewsradio-dot-com and www.wtop-dot-com, had been compromised and that redirects had been put in place to send Internet Explorer users to an exploit kit landing page, which in turn attempted to install malicious software on the visitor's machine. It also notes that as of May 17th, the redirect and the payload were confirmed to have been removed from both sites.
People who visited those sites while the redirect was in place may have been compromised themselves.
For the exploit to succeed, a visitor's machine would need to meet several of the following conditions:
- A computer running Microsoft Windows, presumably without OS updates in place
- Be using Microsoft Internet Explorer as your browser
- Have an older, unpatched version of Adobe Reader or Acrobat installed
- Have an older, unpatched version of Oracle Java installed
- Have inadequate or out-of-date anti-virus in place
The more of those criteria you meet, the higher the likelihood of your machine being exploited. In this particular case, a successful exploit installed the ZeroAccess Trojan, potentially with the FakeAV/Kazy malware piggybacked on it. Once in place, ZeroAccess gets busy: it joins a command and control network and downloads additional malicious applications, such as a fake Flash installer.
Protecting yourself is easy to do. Install updates (for Windows, your browser, Java and Adobe Reader alike), use quality anti-virus and keep it current, and a dash of common sense helps too!
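As an added example (not part of the US-CERT alert or this post), the following PowerShell script audits a single Windows host against the exposure checklist above: how stale its Windows updates are, whether Internet Explorer is the default browser and which version, which Java and Adobe Reader/Acrobat versions are installed, and whether anti-virus is on and up to date. The version thresholds are assumptions you should set to the vendor's current releases; the UserChoice default-browser key applies to Windows 7 and later; the Security Center namespace exists only on client editions of Windows; and the productState bit layout is community-documented rather than official. Run it in an elevated prompt.

```powershell
# Added example, not from US-CERT or Homeland Secure IT: audit one Windows host for the
# drive-by exposure conditions listed above. Thresholds are assumptions; adjust them.
function Get-DriveByExposure {
    param(
        [version]$MinJava         = '7.0.210',   # assumed current: Java 7 Update 21 registers as 7.0.210
        [version]$MinReader       = '11.0.3',    # assumed current: Adobe Reader XI 11.0.03
        [int]    $MaxPatchAgeDays = 30
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Windows updates: flag a host whose newest hotfix is older than the threshold.
    $lastFix = Get-HotFix | Where-Object { $_.InstalledOn } |
               Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $lastFix) {
        $findings.Add('Windows updates: no installed hotfix has a recorded install date')
    } elseif ($lastFix.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
        $findings.Add("Windows updates: newest hotfix $($lastFix.HotFixID) installed $($lastFix.InstalledOn.ToShortDateString()), older than $MaxPatchAgeDays days")
    }

    # 2. Browser: the redirect targeted IE. On Windows 7+ the default http handler is in
    #    UserChoice (IE's ProgId is IE.HTTP); svcVersion holds the real version on IE10+.
    $choice = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice' -ErrorAction SilentlyContinue
    $ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
    $ieVersion = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
    if (-not $choice -or $choice.ProgId -eq 'IE.HTTP') {
        $findings.Add("Browser: Internet Explorer $ieVersion is the default http handler")
    }

    # 3. Installed software, from both the native and the 32-bit (Wow6432Node) uninstall hives.
    $apps = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -and $_.DisplayVersion }
    $checks = @(
        @{ Label = 'Java';                 Pattern = '^Java(\(TM\))? \d';     Minimum = $MinJava   },
        @{ Label = 'Adobe Reader/Acrobat'; Pattern = '^Adobe (Reader|Acrobat)'; Minimum = $MinReader }
    )
    foreach ($check in $checks) {
        foreach ($app in $apps | Where-Object { $_.DisplayName -match $check.Pattern }) {
            try { $installed = [version]$app.DisplayVersion } catch { continue }   # skip unparsable versions
            if ($installed -lt $check.Minimum) {
                $findings.Add("$($check.Label): '$($app.DisplayName)' is $installed, below $($check.Minimum)")
            }
        }
    }

    # 4. Anti-virus via the Security Center WMI provider (client Windows only). In the
    #    6-digit hex form of productState, the third digit is 1 when real-time protection
    #    is on and the last two digits are 00 when signatures are current (community-documented).
    $avProducts = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $avProducts) {
        $findings.Add('Antivirus: no product registered with Security Center')
    }
    foreach ($av in $avProducts) {
        $state   = '{0:x6}' -f [int]$av.productState
        $enabled = $state.Substring(2, 1) -eq '1'
        $current = $state.Substring(4, 2) -eq '00'
        if (-not $enabled) { $findings.Add("Antivirus: '$($av.displayName)' real-time protection is off") }
        if (-not $current) { $findings.Add("Antivirus: '$($av.displayName)' signatures are out of date") }
    }

    # Each line is one condition from the checklist; the more lines, the more exposed the host.
    if ($findings.Count -eq 0) { 'No exposure conditions found' } else { $findings }
}

Get-DriveByExposure
```

A machine that prints no findings still needs Windows Update, Java and Reader kept current going forward; the script only tells you where it stands today. To audit a whole network, run it through PowerShell remoting against each host and collect the output centrally.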
Protecting an entire network with several computers and servers may be a more demanding task. You probably want to get a qualified service provider to assist in that endeavor.
If your business is in the Greenville, Spartanburg or Anderson, SC area, we would love to discuss security issues with you. Homeland Secure IT provides computer, server and network security, support and sales to the Upstate. We are partners with some of the biggest names in the business, such as Cisco, WatchGuard, Microsoft, Symantec, Trend Micro and more! Please call us at 864-990-4748 or use the contact form on our website!
One other thing: if for some reason you feel that you may be infected, most of the time you are. Don't take a chance. We can help scan your machines or networks and clean them up should that be the case.