Malicious Ads on Prominent Sports Sites Affect Visitors

Hackers attacked the National Hockey League and Major League Baseball Websites to embed an exploit in them that would trick visitors into downloading and installing a malware after convincing them that their computers needed a virus scan.

If users clicked 'cancel', they would simply be directed to another Website that would try to scan their PCs and install a malicious program. The exploit was hard to identify because according to security researchers, it would become active at random intervals.

Roger Thompson, Security Researcher from Exploit Prevention Labs, has furnished the ads with relevant proofs and since then, the ads have been moved to a video. The film shows how the ads compromise the browser and divert the user from the real site and try to download and install unsolicited software. Vnunet published this on November 14, 2007.

Using a so-called "scan and scare" trick, the malicious ads offer a scanning system, free of charge, which then sends back misleading or fraudulent results that actually scare the surfer into buying the software. Fraudulent security vendors popularly use this tactic when they deliberately sell malicious or ineffective security programs.

Initially, the ads were thought to arrive from a network of Doubleclick, albeit the company was soon vindicated. According to the researchers, the advertisers directly contacted the sites and then managed to send the ads through the DART ad-serving system at Doubleclick.

Prominent sports Websites might have been victims of online attacks in 2006 also. Again, early this year in February, attackers infected the Dolphins Stadium Website with a Trojan just few days before the Super Bowl XLI was to be played at the stadium. This had affected some prominent Websites on entertainment.

Two sites not related to sports (those of MTV and Billboard magazine) also felt the impact of the malicious ads. The Colorado Rockies, a team of the Major League Baseball, held a DDoS attack responsible for bringing down the sale of tickets in October 2007 during the days just before the club was to make its first appearance for the World Series. These incidents represent the increase in attacks that redirect traffic.

Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected

» SPAMfighter News - 11/28/2007