Blue Coat Labs

Labs Blog

World Cup Malware: Don't Own-goal Your Computer

World Cup Malware: Don't Own-goal Your Computer

Chris Larsen

This week, the World Cup soccer/football tournament began. Unsurprisingly, the Bad Guys are set up to take advantage of fans who are trying to find on-line video of the matches...

A couple of days ago, a new site called came on line, fed by links from sports-forum sites. It looks rather unsophisticated to me, but maybe Brazilian soccer fans are more gullible than security researchers:

malicious world cup site

There are links to at least two different "video players" -- the prominent one shown to a new Flash Player (from, and a smaller link in the corner to a file (from

The page looks like this:

malicious Flash player site


It leads to a download that has pretty good recognition on Virustotal: 16 engines flagged it. This is a higher-than-normal recognition rate for PUS (Potentially Unwanted Software -- i.e., adware and low-grade spyware), and many of the AV engines class it as malicious, not just PUS, so this is definitely something to stay away from.

The other link I followed, to, was less exciting. There is no main site -- the domain doesn't resolve (with or without a "www."). The subdomain in the link does exist, but is just a placeholder page:

another malicious video player site

The download is rather large (5.1 MB), and was recognized as PUS/adware by 6 of the engines at Virustotal (which is about normal for this junk).


So, sports fans, if you're going to watch the World Cup on your computer, please stick to reputable sites -- you don't want to "own goal" your machine with malware.