A fan site for the massively popular "Assassin's Creed" computer game has been harboring a nasty banking Trojan, and visitors for the past eight weeks may have been caught in its cross hairs.
The French fan site, Assassinscreedfrance.fr, is infected with a JavaScript redirector that takes those who visit the site to a Saint Petersburg, Russia-based malware site, which then connects their system to a Zeus botnet, the security firm Avast explained.
Avast said Assassinscreedfrance.fr is one of 1,841 sites around the world that was hit by this specific Zeus variant during March. Access to the French fan site is currently denied. The site is not affiliated with Ubisoft, the developers of "Assassin's Creed."
A notorious and dangerous banking Trojan, Zeus has enabled cybercriminals to hijack online bank accounts and steal millions of dollars over the past few years. This network of botnets, Avast said, has already netted its operators more than $100 million from small and medium-size businesses.
[The 10 Scariest Computer Viruses in Existence]
Avast researcher Jan Sirmer says the cybercriminals are exploiting the "Assassin's Creed" fan site through a number of security vulnerabilities in WordPress, the platform on which the site is built. The website, Sirmer says, "may have become vulnerable by using an outdated version of WordPress, even though their JavaScript plugin is up-to-date."
Sirmer said that out of 6,000 malware-infected .com sites, 13.6 percent were found to include some WordPress flaws. To protect yourself, make sure you update your WordPress plugins, and download and install security updates as soon as they become available.