Webpages on the Association of Tennis Professionals (ATP) website have been infected with malicious code in the same week Wimbledon, the most popular Grand Slam of the tennis calender, gets underway.
Wimbledon enthusiasts visiting the ATP webpage for match results this week may be infected with malicious code, experts at Sophos have warned.
The ATP website has been injected with a malicious script called Mal/Badsrc, which downloads an infection process which ultimately infects the victim with spyware.
According to Sophos, thousands of other Web pages on the Internet have been compromised with the same malicious code.
Web security experts at Sophos note that by infecting pages on the website, the hackers may capitalise on excitement surrounding Wimbledon 2008, as tennis fans will be likely to visit the website keen to find out the latest news.
"With the Wimbledon tournament taking place at the moment, the ATP website will be receiving a spike in visitors - but any tennis fan visiting the infected pages on the site risks being served straight into a crook's criminal racket," said Fraser Howard, principal virus researcher at Sophos.
"The hackers responsible for this attack don't care what sites they infect, so long as there is a stream of potential victims likely to surf across the net, straight into their trap,” he added.
Microsoft issued an advisory this week warning of a rise in attacks targeting websites such as the one which has affected the ATP. The attacks are known as SQL Injection attacks, said Sophos.
"Many users simply do not understand the sheer scale of the SQL Injection attacks we have been seeing in recent months," said Howard. "A huge number of pages have been affected across government, corporate and personal sites.
Targeting popular sporting sites is an emerging trend amongst cybercriminals who have targeted ESPN’s Soccernet.com and the NFL site during the Superbowl.
ATP webpages compromised during Wimbledon tournament
By Staff Writers on Jun 27, 2008 11:06AM