Super Bowl Stadium Site Hacked, Packed Trojan

The Web site of Miami's Dolphin Stadium, which plays host to Super Bowl XLI on Sunday, was hacked between January 26 and 28, security company Websense reported, and until approximately 11 a.m. PST Friday was actively distributing a backdoor Trojan horse and password stealer. The attacker planted a link to a malicious JavaScript file that exploited two patched Windows vulnerabilities, in the header of the front page of the site. By Friday morning, the malicious site hosting the JavaScript file has been taken down but the link remained in the stadium's site header. Users are recommended to stay away from the URL.

"The 25th was the last date that we saw [the site] clean. Sometime between the 26th and the 28th was when we think the site's server was hacked. It's possible [the attackers] still have access to the server," says Dan Hubbard, Websense's head of research.

News source: InformationWeek

Report a problem with article
Previous Story

Dell Accused of Hiding Intel Payments

Next Story

Microsoft Preps Windows Server Beta Three

10 Comments

Commenting is disabled on this article.

Users are recommended to stay away from the URL.

Don't worry Windows users. I'll visit the site on my Mac and let you know what I see!

Krankerz said,

Don't worry Windows users. I'll visit the site on my Mac and let you know what I see! :happy:

that exploited two patched Windows vulnerabilities

dont worry, we (windows users) can also go to the site with impunity but thanks anyways...

Krankerz said,

Don't worry Windows users. I'll visit the site on my Mac and let you know what I see! :happy:


And how do you know the Trojan doesn't affect Macs as well, you smartass? I hate smug mac users.

Krankerz said,

Don't worry Windows users. I'll visit the site on my Mac and let you know what I see! :happy:

Yes, please go while we all play some games on our machines, you let us know ok ......

Good thing I couldn't care less about the Super Bowl, not that my computer isn't patched, but I wonder
how many mom and pop computers, who usually don't update anything have been pnwn'd?

The Teej said,
Haha, owned on the grandest stage of them all. Nice.

Maybe yes, maybe no. It's 7:05 here in Miami - - it's cloudy, windy and RAININ'.

I admit that although I have lived here in Miami for a few years, I have never been to the stadium (drove by it once or twice on the Turnpike) nor have I ever been to the Pro Player/Joe Robbie Stadium website. But more importantly, and topical, what was the purpose of the hack? I mean, the Super Bowl Tickets were sold months ago. The website, with all it's bells, whistles and flash animation seems merely to provide information and does not permit customers to purchase tickets (Ticketmaster does this). So what was the point - - other than showing yet another South Florida business, ONCE AGAIN, that their computer security sucks? I mean, what would an attacker gain from such an attack?

Regardless, It would appear that the script has been removed because I looked at the header (Note: I am not an IT guy or software developer type so I could be wrong) but here's the code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<script defer type="text/javascript" src="/ssi/pngfix_map.js"></script>
<script src="/ssi/dhtml.js" language="javascript"></script>
<!-- this script needed for Flash -->
<script language="javascript">AC_FL_RunContent = 0;</script>
<script src="/flash/AC_RunActiveContent.js" language="javascript"></script>
<!-- end - this script needed for Flash -->
<title>Dolphin Stadium</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="main.css" rel="stylesheet" type="text/css">
<script type="text/JavaScript">

I also attach a link to screen shot from websense showing the code with the script in it. I thought it was interesting that they were using Firefox.

it looks like u wont be infected by this if your using a fully patched version of windowsxp.... although i wonder if this is a IE issue... or just anything that related to javascript?