Security news26 June 2008
Popular tennis websites struck in latest malware attack, Sophos warns Tennis fans at risk as hackers infect websites during Wimbledon tournament
Pages on the ATP website have been infected with malicious code.
IT security and control firm Sophos is warning computer users of the importance of scanning all web traffic for malware following the discovery that webpages on the Association of Tennis Professionals (ATP) website have been infected with malicious code.
Pages on the ATP website are just some of the thousands on the internet to have been injected with a malicious script called Mal/Badsrc, according to Sophos experts. The script downloads another malicious script triggering an infection process which ultimately infects the victim with spyware.
Web security experts at Sophos note that by infecting pages on the website the hackers may capitalize on excitement surrounding Wimbledon 2008, one of the four grand slams in the tennis calendar making up part of the ATP tour, as tennis fans will be likely to visit the website keen to find out the latest news.
"The hackers responsible for this attack don't care what sites they infect, so long as there is a stream of potential victims likely to surf across the net, straight into their trap. The ATP website is just one of many sites to have been exploited by hackers trying to steal information from innocent internet users," said Fraser Howard, principal virus researcher at Sophos. "With the Wimbledon tournament taking place at the moment, the ATP website will be receiving a spike in visitors - but any tennis fan visiting the infected pages on the site risks being served straight into a crook's criminal racket."
Sophos customers are automatically protected against the threats of Troj/Iframe-AG and Mal/Badsrc, and users of other vendors' products are advised to update their software.
Microsoft issued an advisory this week warning of a rise in attacks targeting websites such as the one which has affected the ATP. The attacks are known as SQL Injection attacks.
"Many users simply do not understand the sheer scale of the SQL injection attacks we have been seeing in recent months," continued Howard. "A huge number of pages have been affected across government, corporate and personal sites. We have seen several cases where sites have been hit multiple times. Aside from simply having to clean up their databases to remove the malicious scripts, it is imperative that site administrators identify and fix pages containing code susceptible to these injection attacks."
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
