The BBC 6 Music site and areas of the BBC 1Xtra radio station site are affected, according to a blog post by researchers at Websense.
The injected iFrame occurs at the foot of the BBC 6 Music Web page, and loads code from a site in the .co.cc top-level domain, Websense says. The iFrame injected into the Radio 1Xtra Web page leads to the same malicious site.
"If an unprotected user browsed to the site, they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable," Websense says.
The payload is delivered to the end user only once, and the initial visit is being logged by the malware authors, Websense says. The code that is delivered to end users utilizes exploits delivered by the Phoenix exploit kit. Only about 20 percent of antivirus products would detect this file, the researchers say.
"Dasient's research team also saw this attack," says Neil Daswani, CTO and co-founder of Dasient, which offers a malware monitoring and prevention service. "The drive-by on the BBC website takes advantage of an exploit against Adobe PDF reader; among other exploits it delivers a drive-by-download that infects users' machines and has them join the Bredolab botnet."
"When a site like the Beeb gets infected by a malicious link, the potential for many innocent people to be affected by malware is huge," says Carl Leonard, senior manager, security research, at Websense Security Labs. "Modern threats target places where they will find good traffic, which is why we found that 80 percent of the malicious sites we saw last year were actually legitimate sites that had been compromised."