Major League Baseball, National Hockey League websites hit by traffic-redirection attack

November 14, 2007
Malicious banner ads first affected visitors to the websites of Major League Baseball and the National Hockey League late last week, according to researchers at Exploit Prevention Labs.

According to Roger Thompson, chief technology officer, the malicious banner ads hijacked user sessions on both websites and then tried to force visitors to download malware posing as an anti-virus application.

Thompson told SCMagazineUS.com today that visitors were not able to avoid the malware.

“The user never got a chance to give permission for the virus scan -- it just started right away. Second, it wasn't really scanning, it was just pretending to scan and showing all sorts of lies about what it was finding,” he said. "Then it would tell users that they needed to install software to clean it up. Even if you said, 'no,' it would keep trying to install -- it wouldn't take no for an answer, and users might even have to kill their browser, but this was not an easy thing to get out of."

The malicious ads appeared sporadically on the impacted websites from Friday through Sunday, Thompson said.

"Some visitors got hijacked just visiting, others after five minutes, and others after two hours," he said, adding that the malicious ads may have appeared after the websites refreshed themselves.

Numerous prominent websites of the sports world have been the victims of cyberattacks in the past year. In February, attackers embedded a trojan within the website of Dolphins Stadium just days before the venue was to host Super Bowl XLI.

Prominent entertainment websites were also affected, according to Thompson.

“[The ads originated from] some third- or fourth-party site through the DoubleClick network to the nhl.com and mlb.com sites,” he explained. Two non-sports sites, those for Billboard magazine and MTV, were also impacted by malicious ads.

One of Major League Baseball's teams, the Colorado Rockies, blamed a DDoS attack for cutting off ticket sales last month in the days leading up to the club's first World Series appearance.

The incidents mark an escalation in traffic-redirection attacks, according to Thompson.

"Banner ad attacks are not new in themselves, but associating them with major websites is an escalation," he said. "There was definitely a huge rash of it over the weekend."

Thompson said that a European anti-virus firm, AVG, first told Exploit Prevention Labs about the malicious ads.

Representatives from Major League Baseball and the National Hockey League could not be immediately reached for comment today.
