Sign up to our newsletter
[Update: the BBC Radio 6 issue is now confirmed by WebSense (apologies for misattributing it earlier!), who have more detail here, and note that areas of the BBC 1Xtra radio station Web site are also affected.]
I hear from ESET colleagues in the UK that the BBC's Radio 6 homepage (one of the Beeb's music stations) is currently afflicted by a malicious link, detected by ESET's products as HTML/Iframe.B.Gen. The link is to a site flagged by a number of other resources as carrying malware.
The BBC have been informed, but at the time of writing the page was still compromised, and I'm in the process of finding a more direct contact.
Jonathan Deane also pointed me (I'm at RSA and not connected to the Internet most of the time) to an announcement at http://lush.com.au/ indicating that Lush's Australian and New Zealand web pages have been compromised, suggesting that customer data may have been stolen, and advising anyone who's placed an online order with the company to check with their bank to see if they should cancel their credit card. While the UK and antipodean sites aren't directly connected, it appears they've been similarly targeted.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, ESET