Association of Tennis Professionals (ATP) struck in latest malware attack

Sophos is warning computer users of the importance of scanning all web traffic for malware following the discovery that webpages on the Association of Tennis Professionals (ATP) website have been infected with malicious code.

Pages on the ATP website are just some of the thousands on the internet to have been injected with a malicious script called Mal/Badsrc, according to Sophos experts.  The script downloads another malicious script triggering an infection process which ultimately infects the victim with spyware.

Web security experts at Sophos note that by infecting pages on the website the hackers may capitalise on excitement surrounding Wimbledon 2008, one of the four grand slams in the tennis calendar making up part of the ATP tour, as tennis fans will be likely to visit the website keen to find out the latest news.

Fraser Howard, principal virus researcher at Sophos commented:

The hackers responsible for this attack don’t care what sites they infect, so long as there is a stream of potential victims likely to surf across the net, straight into their trap.  The ATP website is just one of many sites to have been exploited by hackers trying to steal information from innocent internet users. With the Wimbledon tournament taking place at the moment, the ATP website will be receiving a spike in visitors – but any tennis fan visiting the infected pages on the site risks being served straight into a crook’s criminal racket.

Sophos customers are automatically protected against the threats of Troj/Iframe-AG and Mal/Badsrc, and users of other vendors’ products are advised to update their software.

Microsoft issued an advisory this week warning of a rise in SQL Injection attacks targeting websites such as the one which has affected the ATP.Â