Popular tennis websites struck in latest malware attack, Sophos warns

June 26, 2008 Sophos Press Release

ATP logo
Pages on the ATP website have been infected with malicious code.

IT security and control firm Sophos is warning computer users of the importance of scanning all web traffic for malware following the discovery that webpages on the Association of Tennis Professionals (ATP) website have been infected with malicious code.

Pages on the ATP website are just some of the thousands on the internet to have been injected with a malicious script called Mal/Badsrc, according to Sophos experts. The script downloads another malicious script triggering an infection process which ultimately infects the victim with spyware.

Web security experts at Sophos note that by infecting pages on the website the hackers may capitalize on excitement surrounding Wimbledon 2008, one of the four grand slams in the tennis calendar making up part of the ATP tour, as tennis fans will be likely to visit the website keen to find out the latest news.

"The hackers responsible for this attack don't care what sites they infect, so long as there is a stream of potential victims likely to surf across the net, straight into their trap. The ATP website is just one of many sites to have been exploited by hackers trying to steal information from innocent internet users," said Fraser Howard, principal virus researcher at Sophos. "With the Wimbledon tournament taking place at the moment, the ATP website will be receiving a spike in visitors - but any tennis fan visiting the infected pages on the site risks being served straight into a crook's criminal racket."

Sophos customers are automatically protected against the threats of Troj/Iframe-AG and Mal/Badsrc, and users of other vendors' products are advised to update their software.

Microsoft issued an advisory this week warning of a rise in attacks targeting websites such as the one which has affected the ATP. The attacks are known as SQL Injection attacks.

"Many users simply do not understand the sheer scale of the SQL injection attacks we have been seeing in recent months," continued Howard. "A huge number of pages have been affected across government, corporate and personal sites. We have seen several cases where sites have been hit multiple times. Aside from simply having to clean up their databases to remove the malicious scripts, it is imperative that site administrators identify and fix pages containing code susceptible to these injection attacks."