BBC Streaming Sites Serve Up Malware

Streaming sites operated by the BBC were hacked on Tuesday, according to Websense, as part of a current mass-injection targeting vulnerable web sites.  The BBC sites began silently serving visitors malware.  An iframe tag at the foot of the page on the BBC’s 6 Music and 1Xtra websites injected an exploit from a website with an address ending in cc, a top level domain for the Cocos Islands.  Simply browsing to the page is enough to get infected with a malicious executable.  The malicious binary was generated by the Phoenix exploit kit, which dates back to 2007 and streamlines malware infections by collecting detailed statistics.