IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Barclays Fantasy Football site targeted by malvertising

The site's 16 million monthly users may have inadvertently dowloaded the Nuclear exploit kit

binary on a screen with words 'hacking attack'

The official Barclays Premier League Fantasy Football website has been targeted by criminals hoping to trick its users into downloading the Nuclear exploit kit.

The flash-based advert for a British yacht company, calling itself OKzilla, was being displayed to the website's 16 million users, automatically redirecting them to the malware download page.

The server IP was hidden behind CloudFlare making it difficult to find out the true owner of the website, although Who Is revealed it was registered using GoDaddy. A script then forwarded the user to Kanenia.info, another address hiding behind CloudFlare, which hosted a Google shortened URL where the Nuclear exploit kit was hidden.

The Nuclear exploit kit actually takes advantage of the Flash player installed on a user's machine, compromising the information stored on it. This particular type of malware is commonly responsible for launching zero-day attacks, which can in turn be used to infiltrate data from a user's machine.

MalwareBytes, which discovered the flaw, said it would have been difficult for unsuspecting users to realise they were being taken to a malicious site because it used the secure https protocol, encrypting the content of the page. Additionally, it used a shortened Google url, making it appear more trustworthy than it was.

"The malvertising chain is familiar as it makes use of goo.gl URLs (Google URL shortener) which are injected dynamically within compromised or blackhat sites," Jerome Segura said on the company's blog. "Those shortened URLs are used and discarded frequently and yet, because they belong to Google, a trusted company, cannot be blacklisted entirely at the root domain level."

MalwareBytes said it alerted the Premier League fantasy website to the malvertising and told Google that its shortened URLs were being used for malicious activities.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

RATDispenser evades nine in ten anti-virus engines
Security

RATDispenser evades nine in ten anti-virus engines

24 Nov 2021
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Out-of-hours ransomware attacks have a greater impact on revenue
ransomware

Out-of-hours ransomware attacks have a greater impact on revenue

18 Nov 2021
Millions of routers and NAS devices vulnerable to BotenaGo malware
malware

Millions of routers and NAS devices vulnerable to BotenaGo malware

12 Nov 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022