Barclays Fantasy Football site targeted by malvertising

The site's 16 million monthly users may have inadvertently dowloaded the Nuclear exploit kit

binary on a screen with words 'hacking attack'

The official Barclays Premier League Fantasy Football website has been targeted by criminals hoping to trick its users into downloading the Nuclear exploit kit.

The flash-based advert for a British yacht company, calling itself OKzilla, was being displayed to the website's 16 million users, automatically redirecting them to the malware download page.

The server IP was hidden behind CloudFlare making it difficult to find out the true owner of the website, although Who Is revealed it was registered using GoDaddy. A script then forwarded the user to Kanenia.info, another address hiding behind CloudFlare, which hosted a Google shortened URL where the Nuclear exploit kit was hidden.

The Nuclear exploit kit actually takes advantage of the Flash player installed on a user's machine, compromising the information stored on it. This particular type of malware is commonly responsible for launching zero-day attacks, which can in turn be used to infiltrate data from a user's machine.

Advertisement
Advertisement - Article continues below

MalwareBytes, which discovered the flaw, said it would have been difficult for unsuspecting users to realise they were being taken to a malicious site because it used the secure https protocol, encrypting the content of the page. Additionally, it used a shortened Google url, making it appear more trustworthy than it was.

"The malvertising chain is familiar as it makes use of goo.gl URLs (Google URL shortener) which are injected dynamically within compromised or blackhat sites," Jerome Segura said on the company's blog. "Those shortened URLs are used and discarded frequently and yet, because they belong to Google, a trusted company, cannot be blacklisted entirely at the root domain level."

MalwareBytes said it alerted the Premier League fantasy website to the malvertising and told Google that its shortened URLs were being used for malicious activities.

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

8 Mar 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019