Threat Intelligence Blog

Posted March 27, 2008

The online ticket site was identified as distributing malware to visitors when they attempted to buy tickets for the upcoming soccer tournament. According to a security alert from Sophos, as reported in ComputerWorld, hackers were able to inject malicious code into the site which is downloaded to the computers of fans visiting the legitimate ticket site. The article points out that Google pay-per-click advertisements were being used to attract visitors to the hacked site as well.

The use of a sporting event-related site for the distribution of malware is not a new occurrence. Back in 2007, the site of the Super Bowl host Miami Dolphins was hacked for a similar purpose.

The use of legitimate sites as a threat vector is increasing. In the last quarter of 2007, Cyveillance found that more than 51% of all phishing sites were being hosted on hacked, legitimate web sites.

Additional Posts

Malware Used to Steal Credit Card Data at Hannaford

eWeek updates the Hannaford data breach story, explaining that malware was found to be present on ...

Phishing for AdWords

Search Engine Roundtable reports a new round of phishing attacks that target the credit and debit ...