By Joris Evers
Staff Writer, CNET News.com
February 2, 2007
Cybercrooks broke in to the Dolphin Stadium Web site and rigged it to
load malicious software onto unpatched Windows PCs, security experts
Hackers reprogrammed the Web site for the Super Bowl stadium so it would
automatically load a malicious script, Web security firm Websense said.
This script would attempt to exploit a pair of known Windows security
holes and install programs that would put the PC under the attacker's
"Assuming you're not patched, a Trojan downloader with a backdoor and a
password stealer gets installed on your computer without you knowing
it," said Dan Hubbard, vice president of security research at San Diego,
The initial breach of the Dolphin Stadium Web site appears to have
occurred on January 25, Hubbard said. The site was cleaned up around 11
a.m. PST on Friday, he said.
A Dolphin Stadium representative confirmed the hack. "The stadium Web
site was compromised and the problem was resolved," said the
representative, who asked not to be named. She could not give an
indication as to how many people were exposed to the attack, but did say
the site is getting more visits "just because of the Super Bowl."
The attack exploited two known security holes in the way Windows handles
Vector Markup Language, or VML, documents, Websense said. Microsoft
issued patches for these flaws in September and January. This means that
people who hadn't yet applied the latest Microsoft fixes would be
vulnerable to the attack.
The file downloaded in the attack is a keystroke logger and a remote
control tool, also called a backdoor, Websense said. Attackers get full
access to the compromised PC.
"The Web is a hostile environment," said Jeremiah Grossman, chief
technology officer at Web security company WhiteHat Security. "Eight out
of 10 Web sites have serious flaws that enable these types of attacks.
It's important for users to stay up to date with patches. However,
another way to combat malicious hackers and malware is by using an
alternative Web browser such as Firefox."
People who visited the Dolphin Stadium Web site with a Windows PC that
lacked the most recent patches should run a security scan to clean their
machines. Websense has provided details on the malicious code to
antivirus software makers, so all security tools should detect it soon,
"Some antivirus vendors do detect it today, but most do not. We are
sharing this information with antivirus vendors to get their cleaning
tools up to date," he said.
Subscribe to the InfoSec News RSS Feed