This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Major League Baseball website hit by malvertising that may potentially impact 300,000 users

Share this article:
Major League Baseball website hit by malvertising that may potentially impact 300,000 users
Major League Baseball website hit by malvertising that may potentially impact 300,000 users

The website of Major League Baseball has been hit by a malvertising scare after a compromised ad network began distributing malware.

According to Perimeter E-Security's security operations centre, it noticed several customers who attempted to download various fake anti-viruses had accessed MLB.com immediately before the installation attempt.

Evan Keiser, security analyst at the security operations centre, said: “We suspected a polluted ad network, but needed the proof. After page-refreshing MLB.com 20–30 times we were finally given the redirect.

“This specific drive-by download attempt actually requires quite a bit of user interaction. After clicking ‘Clean Computer' the user is prompted to download the file setup.exe which contains the actual fake anti-virus program. Like most fake anti-virus programs, it pretends to scan the victim's computer, find files it claims are infected and then attempts to get the victim to purchase the ‘Full Version' to remove the non-existent threats for $99.99.”

Perimeter E-Security said that after analysing the packet capture taken during the infection process, it verified that it is from adginserver.com, an ad server referenced by MLB.com.

It later said that the specific advert that serves the fake-anti-virus is on top of the MLB news page and points to plentywatch.com, but the banner image is stored on gipcampaign.com, which is injected with an IFRAME that redirects to adginserver.com.

It said that the MLB's page rotates its ad display constantly, so not every visit will show this malicious advert, but as MLB.com ranks 77th in the US and 344th globally, and approximately 3.24 million consumers view these pages every day, even if the advert were only displayed once every 100 page views it would potentially affect over 300,000 PCs.

Perimeter E-Security said: “We hope MLB.com will remove this ad as soon as possible to prevent infecting more of its customers. MLB.com is not the only website serving up fake anti-virus from this infected advertiser. Based on an analysis of our logs, customers were served malicious ads from adginserver.com when visiting many other benign sites as well.”

MLB.com has been made aware of this issue.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...