zveloLABS™ detected malicious code on the foxsports.com website late yesterday. Hackers have once again increased their tally of well known websites recently exploited to serve dangerous content.
The popular sports website was used to transparently redirect users to a dangerous site that regularly hosts malware. The compromised page contained a hidden iframe that retrieved content from the malicious site.
The URL used for the attack was part of the Fantasy Baseball Hot Streak game. Hot Streak Fantasy Baseball users should check their machines for any signs of infection or malicious activity.
The URL hxxp://msn.foxsports.com/fantasy/baseball/hotstreak/external/ contained the hidden iframe below, accessing content at hxxp://thingre.com/in.php.
The redirect domain thingre.com has a poor reputation, not only with zvelo but also with Google, Web of Trust and multiple URL blocklists.
The zvelo team has written to the webmaster at Fox Sports (along with all contacts listed in their whois records) with some details that we hope will help their team clean up the website. Updated post with further details may be found here.
