And infected with malware

Nov 16, 2007 11:54 GMT

Last week several security experts talked about a new trend in online hacking: attackers are now injecting malicious code into the adverts published on famous websites in order to infect the visitors. Roger Thompson of Exploit Prevention Labs wrote that the NHL and the MLB websites were hacked, with the attackers injecting some sort of code that aims to infect the users. This is how the infection works: once you visit one of the two pages and hit the refresh button, a pop-up banner opens, advising you to perform a computer scan because your system might be infected. Clicking on Cancel redirects you to a dangerous page which attempts to install a piece of malware without any user approval.

"These are really hard to track down, because they don't happen every time you visit a site ... it took us hours to get our first capture... but it was both interesting and instructive that when we got a capture, one of our researchers on the other side of the world got one at about the same minute. Now, it was a different fake scanner, and a different path thru the ad network, but it was a startlingly similar style and almost the same time. We don't believe in coincidences," Roger Thompson wrote.

This news comes a few days after it was reported that DoubleClick, the online advertising giant which is about to be bought by Google, served infected adverts on numerous legitimate websites.

Sure, nobody accused DoubleClick of publishing the dangerous adverts, but the incident marked the beginning of a new avalanche of threats which seems to be spreading to more and more websites. NHL and MLB are just two of them, and both pages attract millions of visitors every day from all over the world. NHL's website is ranked 1,360th on Alexa, while MLB's holds position number 337.