Application security, Incident Response, TDR

March Madness nearing, but cyberthreats already here

Sports fans might be eager for March Madness to begin later this week, but for cybercriminals, the games already have begun.

A number of security firms already have spotted attacks that target fans of the annual NCAA men's college basketball tournament, which kicks off Thursday afternoon EST.

Cybercriminals are poisoning top Google search results related to March Madness to lure users into visiting fake anti-virus sites, Stephan Chenette, manager of security research at security firm Websense told Tuesday. Attackers are using deceptive search engine optimization (SEO) to get their malicious sites to the top of results on Google and other search engines, Chenette said.

Searches for “March Madness schedule,” “March Madness brackets,” and “2009 NCAA bracket predictions” have been poisoned, Chenette said. The malicious sites fall in the top ten search results, and have been as high up as the first result.

in most instances, when users follow a poisoned search link, they are directed to a fake anti-virus site, where they are told their computer is infected and they should download a rogue program. However, they actually end up installing a fake solution that, at some point, will prompt them for money, Chanette said.

“Users are warned to be very cautious when clicking on any March Madness hyperlinks,” Chanette said. “Even Google search results should be clicked on with caution.”

Attackers also are using automated software to post comments on sports blogs, which actually contain links to spam websites, Chanette said. The links typically lead to fake AV or fake video sites where users are told they can watch March Madness videos but need a codec -- which is really a trojan -- to watch, Chanette said.

Spencer Parker, director of product management at web security firm ScanSafe, told Tuesday that it seems Google appears to be quickly taking down the malicious sites, but users must still be wary.

Parker said that in addition to the attacks taking place, viewing the basketball games -- many of which occur during work hours on Thursday and Friday -- is likely to cause bandwidth issues for companies.

During March Madness last year, traffic to popular college basketball websites such as and increased more than 10,000 percent, Parker said. Employees will likely view the games via streaming video sites while at work, which, besides slowing employee productivity, can also “severely disable” network performance.

Because of productivity of bandwidth issues, companies may decide to block access to legitimate streaming video sites. As a result, employees then might look elsewhere on the web to watch streaming video – and may find themselves on a malicious site, Mark Parker, senior product manager at security firm Marshal8e6 told

“What's the guy who has bet a lot of money on his brackets to do but go elsewhere and find a [video] stream?” Marshal8e6's Parker said. “And he could end up putting his company at risk.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.