Found to Be Distributing Malware

Perimeter E-Security researchers recently discovered that Major League Baseball was distributing malware via a compromised ad network on its Web site.

“Perimeter E-Security said that after analysing the packet capture taken during the infection process, it verified that it is from, an ad server referenced by,” writes SC Magazine’s Dan Raywood. “It later said that the specific advert that serves the fake-anti-virus is on top of the MLB news page and points to, but the banner image is stored on, which is injected with an IFRAME that redirects to”

The potential number of site visitors affected is significant, according to a blog post by Perimeter E-Security research analyst Yuanyuan Grace Zeng. “According to, based on page views, ranks 77th in the US, and 344th globally,” Zeng writes. “From the traffic statistics on Alexa, in the past month, every day on average, there are about 11.23 million page views on MLB[.]com. Approximately 3.24 million consumers view these pages every day. Even if the ad were only displayed once every 100 page-views, it would potentially affect over 300,000 PCs.”

“Malicious advertisements are sneaky because they are often served up by otherwise legitimate ad networks,” writes’s Fahmida Y. Rashid. “Most website publishers don’t display their own ads, but partner with an ad network which has a pool of online ads ready to be served. If criminals have accounts on these networks, they scan slip malicious advertisements into the rotation. Site visitors who click on the advertisement are directed to the malicious site and infected. This way, criminals can infect visitors to a certain website without even going through the time-consuming process of hacking that site.”

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles