Fox Sports Web Site Infected

Security researchers warn that the Fox Sports website has been compromised by unknown attackers, who injected malicious code into a custom error page. There are two separate offensive script tags, each of them created by a different infection.

The page was detected by the ThreatSeeker Network system developed and operated by Websense, a Web security vendor. Security researchers investigating the suspicious link determined that it was pointing to a custom "Page not Found" document, displayed in case of a 404 error.

Webmasters deploy such pages in order to help visitors who are looking for a Web resource that is no longer available. They include suggestions or search boxes that can be used to find the new location of the document.

The msn.foxsports.com website is operated by the Fox Sports division of the Fox Broadcasting Company and according to Alexa, it is in the top 330 websites in the world as far as traffic goes. This website is ranked at position 88 in the United States and is part of the MSN network.

The first malicious script tag loads a script for an external domain used in cybercriminal operations before. In particular, this script is part of the latest version of a mass injection attack known as Gumblar. Highly obfuscated code is used to perform various checks to determine a visitor's browser, operating system or installed software, and then execute exploits for known vulnerabilities.

"After deobfuscation, the page uses PDF and Flash exploits to run malware in order to control a victim's computer. In addition, a piece of VBScript is executed to download malware," the Websense researchers explain.

The secondary script tag loads a potentially malicious JavaScript file from a .cn domain. However, the server hosting this threat was offline and the security analysts couldn't determine its nature. The Fox Sports page seems to be clean now, but there is no way of telling for how long this infection ran until it was discovered.

It is worth noting that a similar issue was found on the MSN Canada website back in June. In that case, a redirect page, invisible to the user, but parsed by the browser, was infected with malicious code.