Posted March 27, 2008
The online ticket site EuroTicketShop.com was identified as distributing malware to visitors when they attempted to buy tickets for the upcoming soccer tournament. According to a security alert from Sophos, as reported in ComputerWorld, hackers were able to inject malicious code into the site which is downloaded to the computers of fans visiting the legitimate ticket site. The article points out that Google pay-per-click advertisements were being used to attract visitors to the hacked site as well.
The use of a sporting event-related site for the distribution of malware is not a new occurrence. Back in 2007, the site of the Super Bowl host Miami Dolphins was hacked for a similar purpose.
The use of legitimate sites as a threat vector is increasing. In the last quarter of 2007, Cyveillance found that more than 51% of all phishing sites were being hosted on hacked, legitimate web sites.