Trend Micro TrendLabs Malware Blog
    Sports fan sites being compromised by malicious authors is not unheard of. We saw it happen to a Jets fan site in early January this year, and we're seeing it again on another fan site, this time that of Arsenal, a popular English soccer team.

    The compromised Web site in this case is Onlinegooner.com, which was reported by ScanSafe OI to be “maliciously active.” STAT confirmed that the fan site had been injected with malicious code, which led to the download of malware from the following IP addresses:

    • 61(dot)19(dot)246(dot)58
    • 202(dot)83(dot)212(dot)250
    • 89(dot)107(dot)104(dot)30

    The aforementioned addresses were observed to be hosted in several parts of the globe, such as Thailand, Hong Kong, and Russia. The downloaded malware was found to contain rootkit, keylogging, backdoor, ARP poisoning, and DNS spoofing capabilities, all of which are, admittedly, pretty sophisticated features for malware.

    Onlinegooner.com has been bringing news to Arsenal fans for a decade now, and it was also news that was used to bring malware to fans. As the seeding of malware took place on February 18, one motivation for the compromise could have been the then-upcoming Champions League match that the team had against AC Milan. Closely following this event was striker Eduardo da Silva's injury, which must have also served the malicious users' purposes in drawing more fans to the site.




