SQL Injection Exploits Wimbledon Tennis Tournament Site

In the past couple of weeks we have seen a serious increase in SQL injection attacks. Although Microsoft and HP have provided ample guidance and tools to solve the problem with, there are still sites out there that get infected. The latest web page to be attacked is the ATP site (short for Association for Tennis Professionals). With the Wimbledon tournament at full throttle, a growing amount of people is expected to visit the ATP web page and potentially get infected.

Comments: ATP site infected by SQL injection
Credits: Vancouver Tennis Association

ATP site infected by SQL injection


Fraser Howard, main virus researcher with Sophos (company that specializes in providing antispam and antivirus software solutions) comments: "With the Wimbledon tournament taking place at the moment, the ATP website will be receiving a spike in visitors - but any tennis fan visiting the infected pages on the site risks being served straight into a crook's criminal racket."

The ATP's site is not the only one to be affected by the SQL injection; the US SONY PSP3 was recently infected as well and there have been thousands of similar attacks resulting in malicious code infecting "trusted pages" all over the world. The script used in this case was identified by Sophos as Mal/Badsrc.

It would seem that the hackers are using a current, high profile event in order to propagate their malicious software. The fact that the Wimbledon Tournament is drawing countless visitors to the ATP site seems to be the only rational explanation why the attackers chose it. According to Fraser Howard, it does not matter what the site is about, as long as the number of visitors and thus potential victims is high.

This incident draws our attention to a more worrying aspect: more and more trustworthy, respectable sites fall victim to infection. Will they be taken down from the trusted page list? Unwary visitors may find themselves infected even though they did not visit suspicious sites.

[Source: softpedia]

0 comments