Malicious World Cup website ponders why Zidane did it


In just a few weeks, Zinedine Zidane has gone from revered soccer superstar to demonized World Cup goat to bait for malicious code.

Security researchers are warning soccer fans of a malicious website using Zidane's now infamous head-butt of Italian opponent March Materazzi as a faux news story.

The malicious site looks just like an official World Cup 2006 site, except for the fake Zidane news story, according to researchers at Websense Security Labs.

When a duped soccer fan visits, his or her PC is infected with a trojan downloader, which then delivers its payload from the site.

Zidane, who came out of retirement this year to captain the French World Cup squad, was unceremoniously ejected from the final, a loss to Italy, after head-butting his opponent in the chest.

The malicious site is using a toolkit sold on a Russian website for $20 to $300, according to Websense.

Dan Hubbard, Websense senior director of security and technology research, said today that the malicious website and domain closely resembled the real World Cup sites, but the malware itself is routine.

"It's just a standard backdoor that it opens," he said. "It doesn't use any rootkit technology or anything."

Before and during World Cup action, security researchers warned soccer fans of a number of World Cup-related malware - with one scam advertising photos of nude fans - built to dupe users into infecting their PCs.

At least one pre-tournament survey warned corporations they could face a drain on bandwidth during games, as employees would stream online coverage onto their company-owned PCs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.