Get Smart about Business Spending
- Related Stories
-
Attack code out for 'critical' Windows flaw
January 16, 2007 -
Microsoft leaves Word zero-day holes unpatched
January 9, 2007 -
Microsoft rushes out 'critical' fix
September 26, 2006
Hackers reprogrammed the Web site for the Super Bowl stadium so it would automatically load a malicious script, Web security firm Websense said. This script would attempt to exploit a pair of known Windows security holes and install programs that would put the PC under the attacker's control.
"Assuming you're not patched, a Trojan downloader with a backdoor and a password stealer gets installed on your computer without you knowing it," said Dan Hubbard, vice president of security research at San Diego, Calif.-based Websense.
The initial breach of the Dolphin Stadium Web site appears to have occurred on January 25, Hubbard said. The site was cleaned up around 11 a.m. PST on Friday, he said.
A Dolphin Stadium representative confirmed the hack. "The stadium Web site was compromised and the problem was resolved," said the representative, who asked not to be named. She could not give an indication as to how many people were exposed to the attack, but did say the site is getting more visits "just because of the Super Bowl."
The attack exploited two known security holes in the way Windows handles Vector Markup Language, or VML, documents, Websense said. Microsoft issued patches for these flaws in September and January. This means that people who hadn't yet applied the latest Microsoft fixes would be vulnerable to the attack.
The file downloaded in the attack is a keystroke logger and a remote control tool, also called a backdoor, Websense said. Attackers get full access to the compromised PC.
"The Web is a hostile environment," said Jeremiah Grossman, chief technology officer at Web security company WhiteHat Security. "Eight out of 10 Web sites have serious flaws that enable these types of attacks. It's important for users to stay up to date with patches. However, another way to combat malicious hackers and malware is by using an alternative Web browser such as Firefox."
People who visited the Dolphin Stadium Web site with a Windows PC that lacked the most recent patches should run a security scan to clean their machines. Websense has provided details on the malicious code to antivirus software makers, so all security tools should detect it soon, Hubbard said.
"Some antivirus vendors do detect it today, but most do not. We are sharing this information with antivirus vendors to get their cleaning tools up to date," he said.
See more CNET content tagged:
Dolphin Ltd., Websense Inc., Super Bowl, Web security, antivirus company
In addition, what is this that antivirus vendors are working to provide protection? Does this mean that if one runs an AV package without other protective measures that he's going to detect this trojan infection? When did AV packages start covering trojans? That's a separate gripe, but the article appears misleading.
Please, c/net: I read you for technically accurate and complete reporting. An article like this is lacking.
--mark d.
On unpatched PC's
It doesn't matter how many times you say it... idiots who continue to use Microsoft's Operating Systems without the latest patches deserve to be hacked and wiped out entirely.
If those PC's aren't hacked and taken out... they WILL become bots in a larger scan elsewhere.
Walt
- Mac Bashers?
- by Jschneeky February 6, 2007 7:05 PM PST
- How come you never see any Mac user haters on these story pages?
- Like this Reply to this comment
-
(7 Comments)