NBC.com - which hosts entertainment
It does??? I suppose some of the political commentators are hilarious.
The website of US TV network NBC was hacked to deliver Java and PDF exploits. The attack against NBC.com - which hosts entertainment and TV content - used a cybercrime toolkit called Redkit that was ultimately aimed at delivering Citadel, a banking Trojan. NBC acted promptly to cleaned up its promotional site, admitting the …
To deliver the malware, RedKit exploits two popular bugs:
1.) The Adobe Acrobat and Reader LibTIFF vulnerability (CVE-2010-0188).
2.) The Java AtomicReferenceArray vulnerability (CVE-2012-0507), lately used by the criminals behind the massive Flashback infection.
So basically one Adobe PDF Reader vulnerability that was patched two years ago and one Smoking Piece o'Java that was patched last year.
Despite Oracle Slagware being a torture hole of demonic spew, if you'd kept it patched to the latest vulnerable version, you would still have missed out on joining the trojanfest. Nice to know that keeping the patches up had some little use and wasn't totally a Sisyphean task heading towards Pyrrhic Victory.