BBC music sites hacked

BBC

Two BBC music websites have been compromised after hackers injected them with malicious iframes.

Sections of both BBC 6 Music and BBC 1Xtra websites were found to be linking to a malicious site that was spewing out malware.

"If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable," Websense Security Labs reported. "The payload is delivered to the end user only once, with the initial visit being logged by the malware authors."

The security firm said the attack forms part of a wider mass-injection attempt by hackers, targeting vulnerable websites.

The injected iframe is found at the foot of the BBC 6 Music page and loads code from a website in the.co.cc region, which is located in the Cocos Islands, also known as Keeling Islands, an Australian territory. The iFrame injected into the Radio 1Xtra Web page leads to the same malicious site.

Below is a screenshot Websense took of the injected malicious iframe.

Payload

At the time of publication, the BBC had not responded to a request for comment on the exploit.

This is not the first time the BBC has been targeted by hackers.

Back in 2008, the broadcaster's official website was hit by a distributed denial of service (DDoS) attack, reportedly crippling performance.

The BBC was also under scrutiny in 2009, when its Click technology programme showed how easy it was to launch attacks by buying a botnet and infecting 22,000 computers.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.