Attackers have hijacked banner advertisements on ESPN’s popular sports site, soccernet.com with fake ads purporting to be from skyauction.com in an attempt to lure visitors to download malware.
With millions of unique visitors a month, it’s possible that tens of thousands of football enthusiasts visiting the site for their daily fix of football news may have been infected.
Users who visit soccernet.com are automatically re-directed to a malicious page that attempts to download malware to the visitor’s PC.
A pop-up claiming to have detected malware on the user’s PC soon follows, urging users to click on the page.
Sandi Hardmeier, security professional and Microsoft MVP confirmed that the site had been hit by a malicious advertisement.
"Soccer is one of the most popular sports in the world, and it is a grave concern that a site dedicated to the sport has been affected by the malicious advertising," Hardmeier said.
According to Hardmeier’s
blog: “That [ad] hijacks visitors to soccernet.com, and forces them to performanceoptimizer.com. As always, the performance optimiser site throws up fake alerts.”
SkyAuction.com has confirmed the ads were fabricated and are definite fakes.
Gary Doughty CTO at SkyAuction said: “Skyauction.com has been in business since 1999. As a specialty player in the global travel marketplace, we work really hard to bring new customers to our site and offer compelling reasons to browse and eventually purchase from us. The last thing we need is for someone to create fake malicious ads and cause damage to our reputation.”
Attackers have used the US travel site’s logo for malicious use previously. In November, Hardmeier discovered that ads on Sensis sites such as yellowpages.com.au, whitepages.com.au, whereis.com, and Telstra's BigPond portal had been hijacked by malicious ads claiming to be from Skyauction.com.
ESPN has 14.9 million unique users a month, according to statistics on the site provided by Media Metrix.
ESPN are yet to respond to emails regarding the attack.