Malicious Ads Hit NBL, NHL Sites

Major League Baseball and the National Hockey League got hit with more than baseballs and hockey pucks last week.

A series of malicious banner ads running across the Doubleclick network impacted the MLB and NHL Websites with ads that hijacked user sessions, according to security researchers at Exploit Prevention Labs. The ads shut down the Websites and then tried to force the visitor to download bogus anti-virus software. The Flash files contained code that redirected traffic away from the host and past the Doubleclick servers and to a site that tried to serve the unwanted software. Researchers said that the malware was unavoidable.

Major League Baseball and the National Hockey League did not immediately calls asking for comment.

Roger Thompson, Exploit Prevention Labs' chief technology officer, first demonstrated the ads on his Website in a video hosted by YouTube.

The attacks appeared intermittently on the MLB and NHL Websites last Friday through Sunday, but have subsided within the last few days

The ads use a scan and scare technique, in which a free system returns misleading results in an attempt to scare visitors into buying for the product. 'Scan and scare' tactics have become increasingly popular among vendors who sell intentionally ineffective or malicious security software.

While banner ads themselves are not an anomaly, this recent scam marks a trend cybercriminals attaching malware to major Websites and initiating attacks that redirect traffic.

In the past year, numerous prominent Websites of the sports world have been the victims of cyber attacks. In February, a Trojan was embedded in the Dolphins Stadium Website days before the venue was to host Super Bowl XLI.