Super Bowl Site Hacked with Trojan, Keylogger

Updated: Dolphin Stadium may be the site of this Sunday's Super Bowl XLI between the Bears and the Colts, but its Web site should be avoided like the plague.

Bears, Colts and Super Bowl football fans everywhere beware. Users browsing the Internet, perhaps innocently looking up a seating chart at Dolphin Stadium in Miami, could be in a lot more trouble than they would have ever expected.

Malicious code was discovered on the Web site for Dolphin Stadium, the location of this years Super Bowl, reports Websense.

Websense Security Labs urged Web users to avoid that site completely until the site had been scrubbed cleaned of all destructive code.

The code, hidden under the file name "w1c.exe," initiates both Trojan horse and keylogging capabilities, potentially allowing a hacker to track and record keyboard strokes in order to steal credit card, Social Security or other user information.

The malicious JavaScript file was inserted into the header of the front page of the Dolphin Stadium site. Once visitors entered, it was designed to execute a script that attempts to exploit two known vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

Given the popularity of the Super Bowl, the stadium site is linked from many official Super Bowl Web sites and related search terms, which only intensified the Trojan horses chances of affecting a large number of people.

Websense notified the owners of the site. Go here to view the Websense notification and original images of the problem areas.

By late afternoon on Feb. 2, Websense officials reported that the Dolphin Stadium site had been cleansed of the malware and that company researchers were continuing to study it.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Websense researchers have discovered there are other sites with similar exploit code, according to Dan Hubbard, vice president of security research for Websense.

Company officials declined to identify these other sites, saying they knew of only about six more, none of which were "high profile." All of them were temporarily shut down to be cleansed of the malware, according to Hubbard.

However, Hubbard indicated that there is no evidence that this incident represents the start of a widespread epidemic of this particular Trojan horse.

Officials for the NFL could not be reached for comment at the time of posting this story.

Editors Note: This story was updated to report the removal of the malicious code from the Dolphin Stadium Web site.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.