Godlike Productions - Conspiracy Forum
Users Online Now: 2,072 (Who's On?)Visitors Today: 1,161,595
Pageviews Today: 1,533,591Threads Today: 346Posts Today: 5,943
01:47 PM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

Dolphins' sites hacked with malicious code in lead up to Superbowl

 
Anonymous Coward
User ID: 137330
United States
02/04/2007 10:19 AM
Report Abusive Post
Report Copyright Violation
Dolphins' sites hacked with malicious code in lead up to Superbowl
kittens detected on Dolphin Stadium Web site
By Loring Wirbel

EE Times
Feb 02, 2007



COLORADO SPRINGS, Colo. — Websense Security Labs issued a security alert Friday (Feb. 2) warning that the official Web site for Dolphin Stadium, home of Superbowl XLI, has been compromised by Java script linked to the header of the home page.

According to the security alert, The script tries to use two vulnerabilities, MS06-014 and MS07-004, which attempt to execute a malicious file.


San Diego-based Websense identified the file as a Trojan keylogger/backdoor program, which would give attackers full access to data on a compromised computer. Websense identified the file name as w1C.exe. The company has notified the Web managers of the stadium Web site, but warned that as of 3 p.m. Eastern time Friday, the malicious code was still on the site.

The NFC Champion Chicago Bears meet the AFC Champion Indianapolis Colts at Dolphins Stadium in Miami on Sunday.



[link to www.commsdesign.com]
Anonymous Coward (OP)
User ID: 137330
United States
02/04/2007 10:22 AM
Report Abusive Post
Report Copyright Violation
Re: Dolphins' sites hacked with malicious code in lead up to Superbowl
Security researchers warned on Friday that a hacker installed malicious code on the official Web site of Dolphin Stadium designed to secretly implant keystroke-logging software on visitors' computers. Security firm Websense Inc., which first reported the breach, said the attack involved a common type of "Trojan horse" program targeting Windows computers without the latest security patches from Microsoft Corp.

Reportedly, the hack was also on Miami Dolphins' website. The breaches apparently occured about two weeks ago, and anybody who visited the sites without proper antivirus protection or patched Windows could be infected.

"We literally find tens of thousands of these things every day -- they're everywhere from big-name sites like this one to mom-and-pop bakery shops," said Dan Hubbard, vice president of security research at Websense. "It's definitely a good lesson in staying up to date on the patches."

"It's low-hanging-fruit kittens," said David Marcus, security research and communications manager with McAfee Inc., quoted by AP. "If you have any up-to-date anti-kittens software on your machine, it's going to mitigate it."

"If you go to the [Dolphins'] Super Bowl Web site with a Web browser that's not running the latest and greatest patches from Microsoft, you could get exploited," said Dan Hubbard. "Assuming you're not patched, a Trojan downloader with a backdoor and a password stealer gets installed on your computer without you knowing it."

The file downloaded in the attack is a keystroke logger and a remote control tool, also called a backdoor, Websense said. Attackers get full access to the compromised PC.

"Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004," according to a bulletin from Websense. "Both of these exploits attempt to download and execute a malicious file."

George Torres, a stadium spokesman, said officials were alerted to the breach around noon on Friday and had the site fixed within three hours. "We are working on the technology side to review all the code and do whatever we need to, on a security basis, to prevent this from happening again," Torres said. He also said the FBI is investigating the attack.

Talking about security, there will be unprecedented physical security at the Super Bowl this year. For this Sunday's Dolphin Stadium game, the NFL has hired 3,000 security personnel — everyone from uniformed guards to undercover decoys – to back-up law enforcement authorities. There will also be a 10-mile ring of protected airspace around the stadium. No blimps, no banners, no exceptions.
Anonymous Coward
User ID: 190585
United States
02/04/2007 10:34 AM
Report Abusive Post
Report Copyright Violation
Re: Dolphins' sites hacked with malicious code in lead up to Superbowl
OK. If an attack is planned today....let's think for a minute.....what would be the purpose of hacking the web site to the stadium.....to leave to open to attack..but more so to prevent conmmunication bewteen agencies that are working security within the stadium.....what say you...just thinking out loud.

News