Don't fall foul to website drive-by malware on soccer ticket website
IT security and control firm Sophos is warning football fans to be careful when buying tickets for the forthcoming Euro 2008 championships online following the discovery of malicious code on the website of a large European ticket re-sale company. The site in question has a high search engine ranking and a presence among sponsored links, indicating that the hackers may have a huge pool of potential victims.
According to SophosLabs, visitors attempting to purchase tickets through the site will be exposed to the malicious script which is embedded in some of the webpages. This malware then attempts to download further attacks from another remote website. Sophos experts advise computer users to be on their guard and ensure their IT security solutions and fully up to date.
"This is not the first time that hackers have attempted to capitalize on sporting events, and unfortunately in the run up to the competition this summer, we're likely to see more sites like this being hacked, as well as other scams preying on football fans' fervour," said Graham Cluley, senior technology consultant at Sophos. "Fans keen to get tickets to a game need to make sure they don't get carried away in the excitement and score an own goal before kick off. It's essential that all computer users ensure their security settings are up to date and able to defend against these threats."
Sophos products have been proactively protecting against the malware, known as Mal/ObfJS-R, since 31 October 2007, but customers of other vendors' products may need to update their protection.
Learn more about the hacked Euro 2008 ticket website on the SophosLabs blog
Sophos noted in its 2008 Security Threat Report that a huge number of legitimate webpages are now being compromised by cybercriminals as they attempt to infect more computers. Sophos currently discovers a new infected webpage every 14 seconds, 83 percent of which are hosted on legitimate sites that most surfers wouldn't think twice about visiting.
Hackers often use big events to exploit computer users and spread their attacks. In 2007, the website of the Miami Dolphins, host of last year's Superbowl, was compromised in the days leading up to the event in order to infect fans logging on to the site.
Sophos recommends all computer users protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK.