Super Bowl stadium site hacked, seeded with exploits

The official Web site of Dolphin Stadium, home of Sunday's Super Bowl XLI, has been hacked and seeded with exploit code targeting two known Windows security flaws.

In the attack, which was discovered by malware hunters at Websense Security Labs, the server hosting the site was breached and a link to a malicious JavaScript file was inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit the vulnerabilities.

According to Dan Hubbard, senior director, security and technology research at Websense, the malicious site hosting the script has been taken offline by law enforcement officials but the hacked Dolphin Stadium site -- which is attracting a lot of Super Bowl-related traffic -- is still hosting the malicious JavaScript.

Source code of hacked Dolphin Stadium Web site.

A visitor to the site with an unpatched Windows machine will connect to a remote server registered to a nameserver in China and download a Trojan keylogger/backdoor that gives the attacker "full access to the compromised computer," Hubbard said.

Sources tracking the threat say the IP address of the server hosting the malware keeps changing. This means that unless the owner of the hacked site removes the malicious .js code and secures the server, exploits could start hitting unpatched visitors again.
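
One way a site owner can check pages for this kind of injected script link, as an added example (not code from the original article or from Websense): list every script source in a page and flag any that loads from a host outside an allowlist. The host names, the allowlist and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical allowlist: hosts the site owner actually intends to load scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example-stadium.test", "static.example-stadium.test"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, with its line number."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append((self.getpos()[0], src.strip()))

def unexpected_scripts(html, page_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return (line, src) for scripts loaded from outside the allowlist."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    findings = []
    for line, src in parser.sources:
        parts = urlsplit(src)
        # Absolute and scheme-relative ("//host/x.js") URLs carry a host;
        # relative paths resolve to the page's own host.
        host = (parts.hostname or page_host).lower()
        # Non-HTTP schemes (data:, javascript:) have no host and are always flagged.
        if parts.scheme not in ("", "http", "https") or host not in allowed:
            findings.append((line, src))
    return findings

# Constructed sample: a front page whose <head> gained one extra script tag.
SAMPLE_PAGE = """<html>
<head>
<title>Stadium home</title>
<script src="/js/menu.js"></script>
<script src="http://injected.invalid/x.js"></script>
</head>
<body><script src="//static.example-stadium.test/gallery.js"></script></body>
</html>"""

if __name__ == "__main__":
    for line, src in unexpected_scripts(SAMPLE_PAGE, "www.example-stadium.test"):
        print(f"line {line}: unexpected script source {src}")
```

Run against every served page, including domain variations that redirect to the main site, and compare the results over time so a newly added script source stands out.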

The attackers are exploiting flaws patched in Microsoft's MS06-014 and MS07-004 bulletins.

[Updated: February 2, 2007 @ 2:42 pm] The dolphinstadium.com Web site has been cleaned but new information suggests another variation of the domain, which redirects to the main site, has now been compromised and is actively serving the exploits. "We're not out of the woods yet. This is real-time and on-going," a source said.

Websense has posted an advisory with screenshots.

The most important thing right now is to make sure your Windows machine is fully patched. Users can download and install the updates from Microsoft Update or the built-in Automatic Updates mechanism.

[Updated #2: February 2, 2007 @ 5:13 pm] All the affected Miami Dolphins sites (see Alexa traffic data) have now been disinfected but there is evidence that hundreds of other sites have been hijacked and rigged with the malicious JavaScript code. I've confirmed that the one-line code has been planted on an internal page of the U.S. government's Centers for Disease Control and Prevention Health Marketing site.

Talkback

164 comments
  • What I find to be disquieting

    is not so much as there are flaws in Windows that users have left un-patched, but more to the fact that someone could easily gain access to multiple web servers to install the malevolent script in the first place. Do not the Administrators check to ensure that all vulnerabilities in their own servers are removed?
    GuidingLight
    • Why should the admins check?

      That would show a definite lack of confidence in the MS-Gurus (it's not a bug until MS say it is).
      John L. Ries
      • MS said it was

        I am unhappy with M$ too, but I have to disagree. M$ said those were bugs and put the patch on the net. The admins screwed up royally.
        G Fedorchuk
      • Does your statement display

        a lack in your understanding of the question asked? If I read your statement correctly, you are implying that you feel it is not an issue that a site can be hacked to insert a malicious line of code into it.

        I say this as you immediately placed blame on Microsoft for having the vulnerability in its Windows Operating system, yet most deftly avoided the fact that the website's administrators allowed its site software to be broken into.
        GuidingLight
    • Help Wanted

      Web Developer and System Administrator, Contact The Miami Dolphins Stadium Management Team
      timcarlo
      • They were alerted since Jan 31

        What's even more startling is that they were alerted about the compromise by multiple sources since January 31. They didn't act on it until Websense got into the fray. Look out for a follow-up entry on this.

        _ryan
        Ryan Naraine
    • Crackers' Paradise

      When I looked at CMS frameworks used for building fancy websites, I read up on one CMS that boasted "With other CMS's a skilled cracker can gain administrator access in 5 minutes. With the advanced security enhancements used in our CMS, it take a cracker at least 15 minutes to get in".

      I stuck with a static website - no-one has cracked it yet.
      ksarkies
    • What's disquieting is...

      ...that China seemingly couldn't care less about any kind of IP rights, electronic piracy, or being a hacker-haven. We in the USA should be doing some serious thinking before allying our business futures with a country whose government controls how you advertise and much of what your company can do there, yet is essentially immoral and criminal per our naive Western expectations of what govt officials are expected to do.
      archetuthus
  • So, did Gates lose that bet he made in Newsweek? ;) [nt]

    nt.
    olePigeon
  • When Ignorance Becomes Criminal Negligence

    What company, what technologists--building a site in today's criminal-infested world--leaves a site so unprotected that it exposes millions of visitors to this sort of exploitation?
    archetuthus
    • I'm with you.

      Fire the IT staff and replace everybody. This is criminal. What a bunch of lames.
      Who hired these guys? People who make money cleaning out infected machines? Argggggh...
      guygo
    • When Ignorance Becomes Criminal Negligence Pt. 2

      What company, what technologists--building a site in today's criminal-infested world--creates software that's so unprotected that it exposes millions of visitors to this sort of exploitation?


      Ummmmmm....... Microsoft? (Bing-Bing-Bing, You are correct!)
      Hard Cider
    • My biggest gripe with Microsoft has always been...

      that they've made it too easy to feel like you know what you're doing. Securing any server directly connected to the Internet is not an easy job. It takes constant work, keeping up with known exploits in almost real time. It took me doing it for 6 months the right way to realize being a programmer wasn't that bad after all. At least I could make sure there were no buffer overflow exploits in my own code. As a programmer, I have to worry about my code and the code of my compiler vendor. I don't have to worry about every other piece of software running on the box. Anyway, back to my point.

      There are countless paper MCSEs in this country. And then there are countless people who are a one-man IT shop because they can figure out how to hook up a router and share the Internet with the whole office. A lot of these people actually have themselves convinced that they know what they're doing because Windows makes it easy to feel that way. A fourth grader can install Windows Server 2003 from a cd and set up a domain.

      I honestly believe that setting up a network should be hard to do. It should be hard because of the likely eventualities having a network will bring around. In this day and age, it's a virtual certainty that if you have a computer network, at some point one of the workstations on that network will connect to the Internet. That's all it takes, and all true professionals have a firm understanding of that. That thought never enters the mind of "those others".
      jasonp@...
  • Linux people are anti-football too...

    It is now obvious that the Linux crowd is not only anti-capitalist but also anti-football. Anyone who attacks a Windows based site that is hosting a web page for the #1 Sports Event in America is showing their true colors. One of my fellow CIO friends here mentioned something along the lines that the NFL has the money to run UNIX and should do so. This infuriated me to no end. I had my MCSEs and MCSDs dress up in football uniforms and tackle each and raid the building of this fool. I then screamed the new slogan for Super Bowl XLI - "Windows is #1 during Super Bowl 41!".
    Mike Cox
    • Take a deep breath, Mike, and calm down!

      I'd hate to see you flagged for excessive something-or-other.

      Just a couple of things: 1) The Super Bowl is the #1 Sports Event in THE WORLD!
      (Don't get me started on the "futbol" vs. "football" drivel the EU and the rest of the
      Linux-loving, deluded and bitter 3rd world spouts) and 2) Are you writing from the
      VIP Suite you and your Rep are sharing at Dolphin Stadium?

      I recommend the conch fritters with a Bacardi Mojito.
      dshans@...
      • You have it all wrong....

        We all know by now that Mike prefers scones, brandy and a good cigar.

        >>I recommend the conch fritters with a Bacardi Mojito.<<
        shawkins
        • Point taken ...

          ... but "all" might be a bit harsh! "When in Rome" and all that salsa. I'm sure The
          Coxster and his Rep would have no problemos finding a cigarro muy excelente en
          Miami. I'm not sure, though, that they'd be allowed to enjoy them in a comfort and
          security in their MSFT Box similar to that which Vista assures them in their cyber
          suite.

          I, myself, prefer a Rémy Martin XO. It works seamlessly, securely and innovatively
          with any scone or cigar. It's the only way to go.
          dshans@...
    • weak.

      C'mon Mikey, we all know you can do better than that. "Windows is #1 during Super Bowl 41!"?

      Next thing you know, he'll call us UNIX users and admins un-American since we prefer our operating systems over Windows...
      nix_hed
    • Another good one. 8.0

      Of course, only the "Linux Crowd" would ever want to hack a Windows based site. Rent-a-mob, of course, has been an acceptable form of political expression since the aftermath of the 2000 presidential election.
      John L. Ries
    • *Sigh*, I confess...

      Not only is this 107.32% true, but I can now exclusively reveal that Janet Jackson's wardrobe was running Linux in 2004.
      Zogg