February 3, 2007 (Press Release) --
Security researchers warned on Friday that a hacker installed malicious code on the official Web site of Dolphin Stadium designed to secretly implant keystroke-logging software on visitors' computers. Security firm Websense Inc., which first reported the breach, said the attack involved a common type of "Trojan horse" program targeting Windows computers without the latest security patches from Microsoft Corp.
Reportedly, the Miami Dolphins' website was also hacked. The breaches apparently occurred about two weeks ago, and anybody who visited the sites without proper antivirus protection or a patched Windows installation could be infected.
"We literally find tens of thousands of these things every day -- they're everywhere from big-name sites like this one to mom-and-pop bakery shops," said Dan Hubbard, vice president of security research at Websense. "It's definitely a good lesson in staying up to date on the patches."
"It's low-hanging-fruit malware," said David Marcus, security research and communications manager with McAfee Inc., quoted by AP. "If you have any up-to-date anti-malware software on your machine, it's going to mitigate it."
"If you go to the [Dolphins'] Super Bowl Web site with a Web browser that's not running the latest and greatest patches from Microsoft, you could get exploited," said Dan Hubbard. "Assuming you're not patched, a Trojan downloader with a backdoor and a password stealer gets installed on your computer without you knowing it."
The file downloaded in the attack is a keystroke logger and a remote control tool, also called a backdoor, Websense said. Attackers get full access to the compromised PC.
"Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004," according to a bulletin from Websense. "Both of these exploits attempt to download and execute a malicious file."
George Torres, a stadium spokesman, said officials were alerted to the breach around noon on Friday and had the site fixed within three hours. "We are working on the technology side to review all the code and do whatever we need to, on a security basis, to prevent this from happening again," Torres said. He also said the FBI is investigating the attack.
Speaking of security, there will be unprecedented physical security at the Super Bowl this year. For this Sunday's Dolphin Stadium game, the NFL has hired 3,000 security personnel -- everyone from uniformed guards to undercover decoys -- to back up law enforcement authorities. There will also be a 10-mile ring of protected airspace around the stadium. No blimps, no banners, no exceptions.
Author: Iuliu Blaga
Source: http://www.playfuls.com/





