1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MLB.com serving up spyware through ads?

Discussion in 'Computer Security' started by zebulebu, Oct 20, 2007.

  1. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Folks

    Not sure if anyone on here would know (or care) about this - I suspect maybe Trip or BM might. In the past couple of weeks, I have found that, on my regular trips to mlb.com (the site for Major League Baseball) I am finiding that, when browsing to some of the news items/stories I regularly get redirected to a domain called 'mysurvey4u.com', which then attempts to infect me with malware. Most of this is the usual 'Your Computer Is At Risk' Spyaxe/Winfixer fake spyware-fixer software, but today I encountered a much more sophisticated one that I've not seen before:

    [​IMG]

    Note the popup in the system tray designed to ape Windows Security Centre warnings and the overlay on the main page looking for all the world like a warning from SysInternals or a real Anti-Spyware program.

    Anyone else encountered this? Seems to me like an organisation of the size and reputation of major league baseball should ensure that this kind of crap doesn't get foisted upon its visitors...
     
    Certifications: A few
    WIP: None - f*** 'em
  2. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    I believe the official Super Bowl site got virused right around the time of last year's super bowl. This wouldn't shock me one bit.

    I haven't been to the MLB site yet, so I haven't seen for myself.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  3. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    I don't think it was the SuperBowl site - i believe it was the one for Joe Robbie stadium (or whatever its called now) but yes, I distinctly remember there was a reflected XSS attack on it last year.

    If you want to check it out yourself (of course, this may not work in the US, it could just be their international ad redirects that are affected), fire up FF, go to mlb.com then click on any of the stories in the top right hand pane (at the moment they're running a lot of stuff on the ALCS - I got that last popup from clicking on the 'History says LCS up for grabs in game 6' link. Obviously, you already know this BM, but anyone else who wants to try it, make sure that you DO NOT click anywhere on the opo-ups that are generated - kill your browser session from the taskbar, and make sure that, if you're using FF, you choose NOT to restore your session when you fire your browser up again
     
    Certifications: A few
    WIP: None - f*** 'em
  4. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Thanks for the tip off Zeb! :)

    boyce
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  5. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Zeb,

    I just tried and fortunately I wasn't redirect. Maybe it's like you said, just the international ad redirection is different on my side here. But thanks for the heads up.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  6. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Yep, you are correct... didn't remember the details, but you certainly did. :)

    I didn't get any pop-ups when visiting a few of the right hand pane news links. I thought it might be because of my hosts file setup, but if that were the case, I'd get a pop-up with a Page Cannot Be Displayed message... hm. Maybe it is just the international redirects that are affected...
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  7. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Certifications: A few
    WIP: None - f*** 'em

Share This Page

Loading...