[ISN] Super Bowl stadium site packed Trojan horse

From: InfoSec News (alerts@private)
Date: Sun Feb 04 2007 - 22:32:44 PST


By Joris Evers
Staff Writer, CNET News.com
February 2, 2007

Cybercrooks broke in to the Dolphin Stadium Web site and rigged it to 
load malicious software onto unpatched Windows PCs, security experts 
warned Friday.

Hackers reprogrammed the Web site for the Super Bowl stadium so it would 
automatically load a malicious script, Web security firm Websense said. 
This script would attempt to exploit a pair of known Windows security 
holes and install programs that would put the PC under the attacker's 

"Assuming you're not patched, a Trojan downloader with a backdoor and a 
password stealer gets installed on your computer without you knowing 
it," said Dan Hubbard, vice president of security research at San Diego, 
Calif.-based Websense.

The initial breach of the Dolphin Stadium Web site appears to have 
occurred on January 25, Hubbard said. The site was cleaned up around 11 
a.m. PST on Friday, he said.

A Dolphin Stadium representative confirmed the hack. "The stadium Web 
site was compromised and the problem was resolved," said the 
representative, who asked not to be named. She could not give an 
indication as to how many people were exposed to the attack, but did say 
the site is getting more visits "just because of the Super Bowl."

The attack exploited two known security holes in the way Windows handles 
Vector Markup Language, or VML, documents, Websense said. Microsoft 
issued patches for these flaws in September and January. This means that 
people who hadn't yet applied the latest Microsoft fixes would be 
vulnerable to the attack.

The file downloaded in the attack is a keystroke logger and a remote 
control tool, also called a backdoor, Websense said. Attackers get full 
access to the compromised PC.

"The Web is a hostile environment," said Jeremiah Grossman, chief 
technology officer at Web security company WhiteHat Security. "Eight out 
of 10 Web sites have serious flaws that enable these types of attacks. 
It's important for users to stay up to date with patches. However, 
another way to combat malicious hackers and malware is by using an 
alternative Web browser such as Firefox."

People who visited the Dolphin Stadium Web site with a Windows PC that 
lacked the most recent patches should run a security scan to clean their 
machines. Websense has provided details on the malicious code to 
antivirus software makers, so all security tools should detect it soon, 
Hubbard said.

"Some antivirus vendors do detect it today, but most do not. We are 
sharing this information with antivirus vendors to get their cleaning 
tools up to date," he said.
