February 2, 2007 11:59 AM PST

Super Bowl stadium site packed Trojan horse

Cybercrooks broke in to the Dolphin Stadium Web site and rigged it to load malicious software onto unpatched Windows PCs, security experts warned Friday.

Hackers reprogrammed the Web site for the Super Bowl stadium so it would automatically load a malicious script, Web security firm Websense said. This script would attempt to exploit a pair of known Windows security holes and install programs that would put the PC under the attacker's control.

Hacked stadium site

"Assuming you're not patched, a Trojan downloader with a backdoor and a password stealer gets installed on your computer without you knowing it," said Dan Hubbard, vice president of security research at San Diego, Calif.-based Websense.

The initial breach of the Dolphin Stadium Web site appears to have occurred on January 25, Hubbard said. The site was cleaned up around 11 a.m. PST on Friday, he said.

A Dolphin Stadium representative confirmed the hack. "The stadium Web site was compromised and the problem was resolved," said the representative, who asked not to be named. She could not give an indication as to how many people were exposed to the attack, but did say the site is getting more visits "just because of the Super Bowl."

The attack exploited two known security holes in the way Windows handles Vector Markup Language, or VML, documents, Websense said. Microsoft issued patches for these flaws in September and January. This means that people who hadn't yet applied the latest Microsoft fixes would be vulnerable to the attack.

The file downloaded in the attack is a keystroke logger and a remote control tool, also called a backdoor, Websense said. Attackers get full access to the compromised PC.

"The Web is a hostile environment," said Jeremiah Grossman, chief technology officer at Web security company WhiteHat Security. "Eight out of 10 Web sites have serious flaws that enable these types of attacks. It's important for users to stay up to date with patches. However, another way to combat malicious hackers and malware is by using an alternative Web browser such as Firefox."

People who visited the Dolphin Stadium Web site with a Windows PC that lacked the most recent patches should run a security scan to clean their machines. Websense has provided details on the malicious code to antivirus software makers, so all security tools should detect it soon, Hubbard said.

"Some antivirus vendors do detect it today, but most do not. We are sharing this information with antivirus vendors to get their cleaning tools up to date," he said.

See more CNET content tagged:
Dolphin Ltd., Super Bowl, Websense Inc., Web security, antivirus company


Join the conversation!
Add your comment
Would IE 7 have caught this?
Or would this stuff just zip past that as well?
Posted by ppgreat (1128 comments )
Reply Link Flag
MS07-004 also affected IE7 so, no. MS06-014 was an MDAC update so I'm not 100% certain. It might have been able to slip by IE7 if you weren't patched.
Posted by kgrutz (2 comments )
Link Flag
They got what they deserved
Use windows and you deserve all the headaches that come with it.
Posted by qwerty75 (1164 comments )
Reply Link Flag
I Wish ...
I wish that articles like this wouldn't say you're protected "if you're patched". Please, be specific. What patch? I know that there are hyperlinks to older articles that may answer the question, but this is the most OBVIOUS question that begs an immediate answer.

In addition, what is this that antivirus vendors are working to provide protection? Does this mean that if one runs an AV package without other protective measures that he's going to detect this trojan infection? When did AV packages start covering trojans? That's a separate gripe, but the article appears misleading.

Please, c/net: I read you for technically accurate and complete reporting. An article like this is lacking.

--mark d.
Posted by markdoiron (1138 comments )
Reply Link Flag
How's this for specific?
You're protected if you aren't using Microsoft software.
Posted by Macsaresafer (802 comments )
Link Flag
On unpatched PC's
On unpatched PC's

On unpatched PC's

It doesn't matter how many times you say it... idiots who continue to use Microsoft's Operating Systems without the latest patches deserve to be hacked and wiped out entirely.

If those PC's aren't hacked and taken out... they WILL become bots in a larger scan elsewhere.

Posted by wbenton (522 comments )
Reply Link Flag
Mac Bashers?
How come you never see any Mac user haters on these story pages?
Posted by Jschneeky (23 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.