World Cup head butt used as Trojan bait

Malicious code is delivered on a Web site made to look like that of world soccer federation FIFA.

If you still have questions about Zinedine Zidane's World Cup head butt, be careful where you look for answers on the Web.

Miscreants are using the incident in the final of the soccer World Cup as bait to install malicious code onto the PCs of unwitting sports fans, Websense Security Labs warned on Friday.

Websense, which monitors Web security threats, has found one Web site that looks like an official FIFA World Cup 2006 site, but isn't. The lead story is on Zidane's head butt in the final against Italy, asking: "What did Materazzi say to Zidane?" That refers to Italy's Marco Materazzi, who was knocked over when Zidane thrust his head into Materazzi's chest.

When visiting the fake site, people can be infected with a Trojan horse downloader which, in turn, downloads additional malicious software from the site, Websense said in an alert. "This potentially occurs without user interaction," Websense said.

The malicious site was hosted in the United States and up and running on Friday, waiting for new victims. It uses the underground "Web Attacker" toolkit, which is sold on the Web and facilitates Web-based attacks, Websense said.

For those who are still wondering what the head butt was all about, Zidane publicly apologized earlier this month for being sent off the field with a red card, but claimed he did not regret his actions against Materazzi. Zidane stated that Materazzi insulted his mother and sister in the seconds leading up to the incident.