MLB.COM again

["Alex Eckelberry" <AlexE () sunbelt-software com>]

> From Sandie Hardmeier's blog:
 
http://msmvps.com/blogs/spywaresucks/archive/2007/12/31/1428144.aspx
 
<http://www.rssfwd.com/idlers/remover/215779/5a1ff71d256fcc8a76748b886de
a888a.gif> 

Over the Christmas break I have received reports of malicious banner
advertisements hitting espn.com, Lycos mail and usatoday.com, as well as
smaller sites such as adrants.com, marketingvox.com, minnesparare.com,
all of which I am investigating. 

The above reports are bad enough, but by far the most worrying report
that I received was the one alleging that visitors to MLB.COM were being
redirected to a pornographic web site - of course, this one is going to
get my immediate attention.  

Sadly, I can confirm that this hijack is occurring - a quick analysis of
what is happening is as follows. 
 
 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.