The online ticket site EuroTicketShop.com was identified as distributing malware to visitors when they attempted to buy tickets for the upcoming soccer tournament. According to a security alert from Sophos, as reported in ComputerWorld, hackers were able to inject malicious code into the site which is downloaded to the computers of fans visiting the legitimate ticket site. The article points out that Google pay-per-click advertisements were being used to attract visitors to the hacked site as well.
The use of a sporting event-related site for the distribution of malware is not a new occurrence. Back in 2007, the site of the Super Bowl host Miami Dolphins was hacked for a similar purpose.
The use of legitimate sites as a threat vector is increasing. In the last quarter of 2007, Cyveillance found that more than 51% of all Phishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. sites were being hosted on hacked, legitimate web sites.