Two BBC music websites have been compromised after hackers injected them with malicious iframes.
Sections of both BBC 6 Music and BBC 1Xtra websites were found to be linking to a malicious site that was spewing out malware.
"If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable," Websense Security Labs reported. "The payload is delivered to the end user only once, with the initial visit being logged by the malware authors."
The security firm said the attack forms part of a wider mass-injection attempt by hackers, targeting vulnerable websites.
The injected iframe is found at the foot of the BBC 6 Music page and loads code from a website in the.co.cc region, which is located in the Cocos Islands, also known as Keeling Islands, an Australian territory. The iFrame injected into the Radio 1Xtra Web page leads to the same malicious site.
Below is a screenshot Websense took of the injected malicious iframe.
At the time of publication, the BBC had not responded to a request for comment on the exploit.
This is not the first time the BBC has been targeted by hackers.
Back in 2008, the broadcaster's official website was hit by a distributed denial of service (DDoS) attack, reportedly crippling performance.
The BBC was also under scrutiny in 2009, when its Click technology programme showed how easy it was to launch attacks by buying a botnet and infecting 22,000 computers.
