November 11, 2015

Foul play found on Premier League fantasy football website

News: Players are redirected to exploit kit playing on Flash vulnerabilities.

By Charlotte Henry

The official fantasy football game of the Barclays Premier League, which has 16m monthly visitors, has been hit by a malvertising attack.

The advert is based on Flash and purports to be from a British yacht company, but actually redirects users to the Nuclear exploit kit, according to the firm Malwarebytes, which discovered the attack.

The exploit kit uses Flash Player exploits, which compromise the end-user’s machine.

In a blog, the cyber security firm said: "The Flash-based ad for a British yacht company was hosted on a highly suspicious server and distributed over https, making detection at the firewall or gateway much more difficult because it would encrypt the content of the page."

The malvertising chain also uses Google’s URL shortener, injecting the shortened links dynamically into the compromised sites.

Although the shortened URLs are used and discarded frequently, they cannot be entirely blacklisted at a root domain level because they come from a trusted source, namely Google.
