Pages on the ATP website have been infected with malicious
IT security and control firm Sophos is warning computer users of
the importance of scanning all web traffic for malware following
the discovery that webpages on the Association of Tennis
Professionals (ATP) website have been infected with malicious
Pages on the ATP website are just some of the thousands on the
internet to have been injected with a malicious script called
Mal/Badsrc, according to Sophos experts. The script downloads
another malicious script triggering an infection process which
ultimately infects the victim with spyware.
Web security experts at Sophos note that by infecting pages on
the website the hackers may capitalize on excitement surrounding
Wimbledon 2008, one of the four grand slams in the tennis calendar
making up part of the ATP tour, as tennis fans will be likely to
visit the website keen to find out the latest news.
"The hackers responsible for this attack don't care what sites
they infect, so long as there is a stream of potential victims
likely to surf across the net, straight into their trap. The ATP
website is just one of many sites to have been exploited by hackers
trying to steal information from innocent internet users," said
Fraser Howard, principal virus researcher at Sophos. "With the
Wimbledon tournament taking place at the moment, the ATP website
will be receiving a spike in visitors - but any tennis fan visiting
the infected pages on the site risks being served straight into a
crook's criminal racket."
Sophos customers are automatically protected against the threats
and Mal/Badsrc, and users of other vendors' products are advised to
update their software.
Microsoft issued an advisory this week warning of a rise in
attacks targeting websites such as the one which has affected the
ATP. The attacks are known as SQL Injection attacks.
"Many users simply do not understand the sheer scale of the SQL
injection attacks we have been seeing in recent months," continued
Howard. "A huge number of pages have been affected across
government, corporate and personal sites. We have seen several
cases where sites have been hit multiple times. Aside from simply
having to clean up their databases to remove the malicious scripts,
it is imperative that site administrators identify and fix pages
containing code susceptible to these injection attacks."