February 15, 2011

BBC - 6 Music and 1xtra Web site Injected With Malicious iFrame

Carl Leonard Principal Security Analyst

The BBC - 6 Music Web site has been injected with a malicious iframe, as have areas of the BBC 1Xtra radio station Web site.  At the time of writing this blog, the sites are still linking to an injected iframe.


Websense customers are protected with our Advanced Classification Engine analytics, our suite of technologies within TRITON.


[Screenshot: injected malicious iframe]


The injected iframe occurs at the foot of the BBC 6 Music Web page, and loads code from a Web site in the .co.cc TLD. The iframe injected into the Radio 1Xtra Web page leads to the same malicious site.
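For site operators, a check for this kind of injection can be sketched as follows. This is an added example, not code from the original post or from Websense: it lists iframes whose source host is off-site and not on an allowlist, and notes whether each one sits near the foot of the page. The hidden-frame test goes beyond what the post describes, and the host names, allowlist and sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeCollector(HTMLParser):
    """Record each <iframe>: source host, raw src, line number, hidden-looking or not."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()  # "" for relative (same-site) URLs
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.frames.append({"host": host, "src": src,
                            "line": self.getpos()[0], "hidden": hidden})

def audit_iframes(html, allowed_hosts):
    """Return iframes whose host is off-site and not on the operator's allowlist."""
    collector = IframeCollector()
    collector.feed(html)
    total_lines = max(len(html.splitlines()), 1)
    findings = []
    for frame in collector.frames:
        host = frame["host"]
        if not host or any(host == a or host.endswith("." + a) for a in allowed_hosts):
            continue  # same-site or explicitly trusted embed
        # The injection described above sat at the foot of the page.
        frame["near_foot"] = frame["line"] > 0.8 * total_lines
        findings.append(frame)
    return findings

# Constructed sample page; hosts are placeholders, not the ones from the incident.
SAMPLE_PAGE = """<html><body>
<h1>Station home</h1>
<iframe src="/player/embed" width="400" height="120"></iframe>
<iframe src="https://media.station.example/schedule" width="400" height="300"></iframe>
<p>Footer links</p>
<iframe src="http://constructed-placeholder.co.cc/in.php" width="1" height="1"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_iframes(SAMPLE_PAGE, {"station.example"}):
        print(finding)
```

Run against a known-good copy of each template first so the allowlist reflects the embeds the site actually uses; anything reported afterwards is a frame nobody on the site team added.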

An unprotected user who browsed to the site would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable.

The payload is delivered to the end user only once, with the initial visit being logged by the malware authors. 

The code that is delivered to end users utilizes exploits delivered by the Phoenix exploit kit. A malicious binary is ultimately delivered to the end user. The VirusTotal detection of this file is currently around 20%. 

This attack is part of a current mass-injection targeting vulnerable Web sites.  We shall continue to investigate this threat and offer protection to our customers from this and similar attacks.
