Malicious code discovered on the website of a large European ticket re-sale company
Malicious code discovered on the website of a large European ticket re-sale company Football fans should be careful when buying tickets for the forthcoming Euro 2008 championships online following the discovery of malicious code on the website of a large European ticket re-sale company. The site in question has a high search engine ranking and a presence among sponsored links, indicating that the hackers may have a huge pool of potential victims.According to SophosLabs™, visitors attempting to purchase tickets through the site will be exposed to the malicious script which is embedded in some of the webpages. This malware then attempts to download further attacks from another remote website. Sophos experts advise computer users to be on their guard and ensure their IT security solutions and fully up to date. "This is not the first time that hackers have attempted to capitalize on sporting events, and unfortunately in the run up to the competition this summer, we"re likely to see more sites like this being hacked, as well as other scams preying on football fans" fervour," said Graham Cluley, senior technology consultant at Sophos. "Fans keen to get tickets to a game need to make sure they don"t get carried away in the excitement and score an own goal before kick off. It"s essential that all computer users ensure their security settings are up to date and able to defend against these threats."Bill Beverley, Security Technology Manager, F5 Networks, commented: “The Euro 2008 site breach highlights the severity of increasingly frequent website hacks. This targeted attack is one of many peppering the Internet landscape. With hackers now trawling for loopholes to exploit, security needs to be of the highest standard to protect not only the end user but the reputation of the site owner. "Anti-virus solutions provide a certain degree of protection for the end-user, however, data needs to be secured centrally with a controlled lock and key. Site administrators for the Euro 2008 site would not have been faced with the embarrassment they are currently enduring if they had necessary precautions in place. Protection at the application layer is something which is easily overlooked and must be enforced, as well as making sure web servers are correctly configured to stop invalid database calls being made and preventing file uploads from the site."As attacks begin to intensify when hackers target large, lucrative events, such as Euro 2008 and undoubtingly Beijing 2008, consumers are no doubt going to become less trusting with providing their credit card details, impacting immensely on buyers" habits and therefore the success of events" organisers and ticketing companies."