By
updated 6/11/2013 4:49:30 PM ET 2013-06-11T20:49:30

The Drudge Report is where millions of news junkies of all political persuasions go to get their daily morning fix. What those people don't expect as they sip their coffee is a malware infection. 

Fairfax, Va., security firm Invincea noticed yesterday morning (June 10) that Drudge's front page linked to a Washington Free Beacon piece entitled " NSA Leaker Surfaces in Hong Kong."

The Free Beacon story contained malware that triggered a drive-by download onto visiting Web browsers. (The piece has since been cleaned of malware.)

The story's writer tried to link NSA leaker Edward Snowden to the Chinese government. Meanwhile, the story's readers were subject to the kind of attack often used by Chinese state-sponsored hackers.

"In addition to the article on the NSA leaks story that was compromised, JavaScript has been injected onto several pages, including the main index page for the Free Beacon, that builds an iframe to redirect inbound user traffic" to malware sites, Invincea's Eddie Mitchell wrote on the company blog.

 [ Why the NSA's PRISM Program Shouldn't Surprise You ]

The Washington Free Beacon is a politically oriented news blog that specializes in publicizing alleged misdeeds by Beijing.

Drudge readers who clicked on the Free Beacon link would in many cases have been infected immediately. The malware being used had polymorphic code, meaning it changes often and would not have been detected by code-analyzing anti-virus software.

All users who visited the Free Beacon site yesterday should update their anti-virus software and perform a full system scan as soon as possible.

According to the Quantcast Web statistics site, the Drudge Report yesterday received 1.9 million unique visitors on desktop and laptops and 209,000 unique visitors on mobile devices. Similar statistics are not available for the Free Beacon site.

Many Washington-area websites have recently been the subjects of similar "watering hole" attacks, in which websites of particular interest to specific groups of people are infected with browser malware, with the goal of infecting members of that particular group.

Once inside the computers, the malware opens "backdoors" to malicious hackers, who can steal information, install spyware or rope the computers into a botnet to serve up yet more malware.

Two websites frequented by D.C. decision-makers, those of the Council on Foreign Relations and the National Journal, were hit by similar watering-hole attacks in recent months.

Ironically, it was The Washington Free Beacon that broke the story of the Council on Foreign Relations attack, and tried to pin the blame for the attack on China.

However, Invincea's Mitchell said the goal in the National Journal and Free Beacon attacks was not espionage, but routine money-making cybercrime.

In both instances, the Fiesta browser exploit kit infected computers with "scareware," fake anti-virus software that warns users their systems are infected and implores them to buy (phony) solutions immediately.

Exploit kits are nasty bundles of malware that hammer Web browsers with one attack after another until one gets through and infects the machine.

In this case, Fiesta was serving up several exploits against the Java software environment, an optional plug-in for Web browsers that is often enabled by default.

Java browser plug-ins are such a security risk that many experts recommend all users disable the plug-ins unless absolutely necessary.

Follow Paul Wagenseil @snd_wagenseil. Follow us @TechNewsDaily Facebook  or Google+.

© 2012 TechNewsDaily

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments