According to Armorize, soccer news site Goal.com was recently found to be serving malware.
"In an analysis of the attack, Armorize researcher Wayne Huang suggests that a hacker specifically targeted and compromised Goal.com through a back-door that allowed the attacker to manipulate the site's content at will," writes threatpost's Brian Donohue.
"According to the report, Goal.com was detected on April 27 and 28, 2011 serving up an iframe attack that forwarded visitors to a rogue domain in the .cc top level domain (TLD)," Donohue writes. "That redirect was the first in a chain of events that resulted in the delivery of a known exploit pack, g01pack that targets attacks at the specific operating system and browser version the Goal.com visitor is using. After exploiting the user's browser, further malware, including a Trojan horse program were downloaded to the victim's computer."
"In an analysis of the attack, Armorize researcher Wayne Huang suggests that a hacker specifically targeted and compromised Goal.com through a back-door that allowed the attacker to manipulate the site's content at will," writes threatpost's Brian Donohue.
"According to the report, Goal.com was detected on April 27 and 28, 2011 serving up an iframe attack that forwarded visitors to a rogue domain in the .cc top level domain (TLD)," Donohue writes. "That redirect was the first in a chain of events that resulted in the delivery of a known exploit pack, g01pack that targets attacks at the specific operating system and browser version the Goal.com visitor is using. After exploiting the user's browser, further malware, including a Trojan horse program were downloaded to the victim's computer."
