News: Players are redirected to exploit kit playing on Flash vulnerabilities.
The official fantasy football game of the Barclay’s Premier League, which has 16m monthly visitors, has been hit by a malvertising attack.
The advert is based on Flash, and purports to be from a British yacht company but actually redirects users to the Nuclear exploit kit, according to the firm Malwarebytes, who discovered the attack.
The exploit kit uses Flash Player exploits, which compromise the end-user’s machine.
In a blog, the cyber security firm said: "The Flash-based ad for a British yacht company was hosted on a highly suspicious server and distributed over https, making detection at the firewall or gateway much more difficult because it would encrypt the content of the page."
The malvertising chain also uses Google’s URL shortener, goog.gl, and injects them dynamically into the compromised sites.
Although the shortened URLs are used and discarded frequently, they cannot be entirely blacklisted at a root domain level because they come from a trusted source, namely Google.