Monday, October 5, 2009

Millions At Risk Visiting Popular Sports Site

The Fox Sports website remains infected and a risk to the 6m+ visitors ([popularity data] as reported by Compete). This website, ranked as the 75th most popular website in the United States and 311th most popular in the World according to Alexa [populartiy data] remains compromised and a major security risk to end-users. eSoft first reported on this threat on Friday, October 2nd, but was incorrect in saying that the infection was cleaned up. [Clarification: the specific pages eSoft examined were cleaned, but other pages have been discovered to still be compromised.] As of today, certain pages on the Fox Sports site remain infected. The eSoft team has written to the webmaster at Fox Sports (along with all contacts listed in their whois records) with some details that we hope will help their team clean up the website. When we hear back from them, we will post so here.

Note that the malware being delivered through this threat remains undetected by the vast majority of anti-virus software. Also note that the compromised pages are being served through the Akamai network although at this time we believe the threat is specific to Fox Sports and not Akamai. Here is part of the email sent to Fox Sports by the eSoft team:

To Whom It May Concern:

eSoft has detected that your website,, remains infected with a dangerous, hidden iframe that links to a site that uses a variety of exploits to infect your website visitors with one of several rotating trojans. In particular, your 404 Page Not Found page on that server has the iframe right at the end of the HTML document immediately before the </body> tag. See attached screenshot. Unfortunately, eSoft cannot say how your site was compromised, only that it is compromised and the compromised pages are being served through your Akamai distribution network. At this time, eSoft has marked as a Compromised site and millions of end users are currently blocking access to the site based on that determination. Please let us know when you have corrected the issue so that we may unblock your site.


No comments: