- FBI warns Hit Man e-mail scammer back
- 20 tech habits to improve your life
- Industry mourns slain Cisco exec
- 10 Firefox add-ons for better browsing
- Wireless LANs face scaling challenges
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
The Web sites of Dolphin Stadium and the Miami Dolphins, host to Sunday's Super Bowl football game have been hacked, and malicious code on those sites have been attempting to infect PCs for at least a week, security experts said Friday.
The breach on the stadium site was discovered by Websense Inc.'s automated tools on Jan. 26, but the engineers at the company were not alerted to the problem until this week, when Websense customers complained that they were unable to visit the site.
The www.dolphinsstadium.com and www.miamidolphins.com sites are affected by the attack, as are mirror copies of those sites such as www.proplayerstadium.com. Security experts strongly advise Web surfers to avoid these sites until the compromise is contained.
"If you go to the [Dolphin's] Super Bowl Web site with a Web browser that's not running the latest and greatest patches from Microsoft, you could get exploited," said Dan Hubbard, Websense's senior director of security and technology research.
Miami Dolphins spokesman George Torres said that the matter is being investigated.
The Indianapolis Colts face the Chicago Bears in the National Football League's championship game, one of the most anticipated sporting events of the year in the U.S.
The Dolphins' sites serve up malicious JavaScript code that exploits two known Windows vulnerabilities, Hubbard said. It then attempts to connect with a second Web server that installs a Trojan downloader and a password stealing program on the victim's computer. The Trojan program lets the attackers install malicious software at a later date, he said.
The Web sites that downloaded the malicious software is based in China, and was operating on and off on Friday morning, according to Roger Thompson, chief technology officer with Exploit Prevention Labs Inc.
The Microsoft flaws that were exploited by hackers on the sites were both patched by October, but the breach is significant, Thompson said.
"It's a pretty big deal," he said via instant message. "A lot of people check out football stuff at work, and I bet lots of companies are not patched, even through October."
The NFL's Superbowl.com Web site is not affected by the hack, Thompson said.
Websense published an alert on the hack Friday morning, after first notifying the Miami Dolphins, Hubbard said.
Rss FeedRss Feed
Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...
Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch OfficesThis paper reviews the problem of creating a network where the dynamic availability of services is...
Enterprise Data Center Network Reference ArchitectureUsing a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...
The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
Stay out of the headlines: Detecting and preventing network intrusionsHow do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...
We have so many holes punched in our firewalls today that many industry insiders question the value...
IP address management in 2008 - six things to knowRead this Network World Special Brief to learn how Enterprise IT managers must update their...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment