Skip to main content

Infected BBC News Stories that install spyware

This BBC News replica website (screenshot above) is dangerous enough to automatically download and install keylogging software on your computer.

E-mail messages contain excerpts from actual BBC news stories offer a link to "Read More". Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail.

This BBC replica website exploits the unpatched IE createTextRange vulnerability and is currently being used to download and install a keylogger. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker.

WebSense have identified more than 200 unique URL's that are using the vulnerability to run exploit code.

Source: WebSense | EWeek