Football Might Get You Infected
Recently SophosLabs identified a malicious script on the website of a European ticket re-sale company, currently building up to selling tickets for the forthcoming Euro 2008 championships. The site in question (http://en.euro2008.uefa.com/index.html) has a high search engine ranking and a presence among sponsored links, indicating that the hackers may have a huge pool of potential victims.
The site has been compromised in an attempt to create a classic drive-by download attack. Attempting to purchase tickets through the site will expose the user to a malicious script embedded in the pages (detected by Sophos as Mal/ObfJS-R). The script is intended to load further malicious content from a remote site. However, initial analysis suggests the script is somewhat buggy; it may have broken during obfuscation.
Users may not become infected when browsing the site, in some browsers at least. The site is likely to attract high numbers of visitors as the championships get closer, but contact via email and telephone has thus far been fruitless. Using search engines to find a suitable ticket vendor shows the site has quite a high ranking, including a presence amongst the sponsored links.
It is not the first time we have seen a sporting event involved in an attack: shortly before the 2007 Super Bowl, the web site of the Miami Dolphins was compromised in order to infect victims logging on in the days leading up to the event. The Super Bowl attack was almost certainly targeted, timed just before the event. In contrast, the Euro 2008 ticket site has most probably not been specifically targeted, but caught up in a larger, widespread attack.
The huge number of legitimate sites being compromised presents a risk to all of us, even those that are careful.
Sophos urged all computer users to ensure that their security settings are up to date and able to defend against such threats.
Credit: SophosLabs UK