Sports fan sites being compromised by malicious authors is not unheard of. We’ve seen it happen to a Jets fan site in early January this year, and we’re seeing it again in another fan site, this time that of Arsenal, a popular English soccer team.
The compromised Web site in this case is Onlinegooner.com, which was reported by ScanSafe OI to be “maliciously active.” STAT confirmed that the fan site had been injected with malicious code, which led to the download of malware from the following IP addresses:
It was observed that the aforementioned addresses were hosted in several parts of the globe, like Thailand, Hong Kong, and Russia. The downloaded malware was found to contain rootkit, keylogging, backdoor, ARP poisoning, and DNS spoofing capabilities, all of which are, admittedly, pretty sophisticated features for a single piece of malware.
Onlinegooner.com has been bringing news to Arsenal fans for a decade now, and it was also news that was used to bring malware to fans. As the seeding of malware took place on February 18, one motivation for the compromise could have been the then-upcoming Champions League match that the team had against AC Milan. Closely following this event was striker Eduardo da Silva’s injury, which must have also served the malicious users’ purposes in drawing more fans to the site.