February 28th, 2008 by Jovi Umawing
Sports fan sites being compromised by malicious authors is not unheard of. We?ve seen it happen to a Jets fan site in early January this year, and we?re seeing it again in another fan site?this time of Arsenal, a popular English soccer team.
The compromised Web site in this case is Onlinegooner.com, which was reported by ScanSafe OI to be ?maliciously active.? STAT confirmed that the fan site had been injected with malicious code, which led to the download of malware from the following IP addresses:
It was observed that the aforementioned addresses were hosted from several parts of the globe, like Thailand, Hong Kong, and Russia. The downloaded malware was found to contain rootkit, keylogging, backdoor, ARP poisoning, and DNS spoofing capabilites ? all of which are, admittedly, pretty sophisticated features for a malware.