World Cup Final Trojan Horse

Date:07.14.2006

Threat Type: Malicious Website / Malicious Code

Websense® Security Labs (TM) has discovered a new malicious website, which is distributing malicious code that installs a Trojan Horse on end-users' machines. This potentially occurs without user interaction.

The site appears to be mirroring a World Cup 2006 Soccer website with the exception that they have a lead story regarding the, now infamous, Zinedine Zidane head butt incident from the World Cup final against Italy.

Upon visiting any of the pages on the site, end-users are potentially infected with a Trojan Horse downloader. This Trojan Horse downloads additional payload code from the site. The site is using the underground "Web Attacker" toolkit (discussed in an earlier alert   http://www.websense.com/securitylabs/alerts/alert.php?AlertID=472).

The Web Attacker toolkit is sold on a Russian website and costs anywhere from $20 - $300. This toolkit allows users to install code that exploits users based on their browser types. The installed code includes one of five different variants, including exploits for old and new vulnerabilities.

This site is hosted in the United States and was up and running at the time of this alert.

Site screenshot: