Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Super Bowl Site Hacked with Trojan, Keylogger



 By: Don E. Sears
2007-02-02
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Updated: Dolphin Stadium may be the site of this Sunday's Super Bowl XLI between the Bears and the Colts, but its Web site should be avoided like the plague.

Bears, Colts and Super Bowl football fans everywhere beware.

Users browsing the Internet, perhaps innocently looking up a seating chart at Dolphin Stadium in Miami, could be in a lot more trouble than they would have ever expected.

Malicious code was discovered on the Web site for Dolphin Stadium, the location of this years Super Bowl, reports Websense.

Websense Security Labs urged Web users to avoid that site completely until the site had been scrubbed cleaned of all destructive code.

The code, hidden under the file name "w1c.exe," initiates both Trojan horse and keylogging capabilities, potentially allowing a hacker to track and record keyboard strokes in order to steal credit card, Social Security or other user information.

The malicious JavaScript file was inserted into the header of the front page of the Dolphin Stadium site. Once visitors entered, it was designed to execute a script that attempts to exploit two known vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

Resource Library:

Given the popularity of the Super Bowl, the stadium site is linked from many official Super Bowl Web sites and related search terms, which only intensified the Trojan horses chances of affecting a large number of people.

Websense notified the owners of the site. Go here to view the Websense notification and original images of the problem areas.

By late afternoon on Feb. 2, Websense officials reported that the Dolphin Stadium site had been cleansed of the malware and that company researchers were continuing to study it.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Websense researchers have discovered there are other sites with similar exploit code, according to Dan Hubbard, vice president of security research for Websense.

Company officials declined to identify these other sites, saying they knew of only about six more, none of which were "high profile." All of them were temporarily shut down to be cleansed of the malware, according to Hubbard.

However, Hubbard indicated that there is no evidence that this incident represents the start of a widespread epidemic of this particular Trojan horse.

Officials for the NFL could not be reached for comment at the time of posting this story.

Editors Note: This story was updated to report the removal of the malicious code from the Dolphin Stadium Web site.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.





  Reader Comments: Super Bowl Site Hacked with Trojan, Keylogger
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Don E. Sears
 


x}r㶲s\@♵M"b{lc-/K3^:U*$ER~u~|.dxjlFwh4#I"nZΘ\̦dwꚃ>}K$wB}NUQV C7_/(bP<HwO7n[c^0Ra᳙*,Q  tjGt0]2xֵ;k:&oweki cߨ_[``1Z|R!j 9iݑ ۴^$)qHH.wH~Th \2HTߦuB)~{Te膡;? C+X^DP~FDM:ǎ-4~rwN0/PcwҴdh-vu=yͨ*{ /B1r!f-{4ɿTݱ[ L=iLVC;%0ýtf?Dk> NRY ZSˆ辥{$)5< \g4QL1H6}~8IZ QK68S`?Ķh¹p\.* }= :ԍ۱|$ .j.s&"U-M  ҇P2zhNtT/`_eY7;Ͱ-P6#M-eYr_ӽl˙=X8^p?͇_zJE4E9]vή $(֝[p miu]+i0n{'Owq@α{A~$Fj}&KDeR)i& 0h!5&tt<_B^,9@FI?n|%rPH+).##-b|+0CF_8rri[򳹥}o__]wzmo_wڧ>ߘecfy3ժ?T2ؕgxg4X:nN[77VGNפ9i>3鐚&tXaV|YkU[_lxmaj; dPp9L+pZ| ~huOd[W;' MD[Yu'P[,/ RrZ~@X*,>Ja͢4-I` o$SNE ;- uvPx۬ MZ!rƒ) uK3^8nZK}0[RFp&\ ДQCלذ 1"%h6-`i˫ TY嗋mESq>]V4{3Bɝ`g@ɋ BD4?CzC0!pl/\~_5M.΃QwW9Q] K\M흙ǘ+}7Nv.~hzmxD18,]evb`\77j 1ß} 5kGr*GFX@8ʍ81m!SGñA S&3;,,0 ZG>O;SjZi};Ni$|NI}ѦMޣ8BݘXI70i+OݺzL^TŞ+LК0#GE 6]LR}t qHhQ0|s0Y[SaP#[ѽ:z?`#0.Zm{Ae^~}¢!1Y@Xȁ{`soweC93(u%w2J}cn.O)))I.B$(ZȻ"!Alq [$t Xxl++~#AvGBjy?mlry swrvn23,BV-KїPf%i2khƪń(VFN1|(0Vf)xf&i &蝐t0OiH\UɲE0s}sYMh?wܰHz}G VV̚3=P.Ƈ5œL;nlQr`8 0:|Ch2i{MYguϳ-j{rǸ%q9an5ډ]![!rf>G) z7HhТ0T]2akRhjMMaf(0q |0b=9ߟ{8[=z,.K i{y]ؕ.R\|znN >0z4'Z>pd`/R=:¿uouj)ՃI ,䧒RVJ~&[b"ud\6˰@eִ &;rm۽' zfdݙ(yRrf!9֐I4$\* ؕGQ,~ǬanEk 5!70MC LK=9޻ئnssQ*/KW+ f)R;OZV*ժ 5ǩUT\=W*ov L3)' Sf N|_ћx?Sc`9gr07`3\x+}`䣇 ,*pز|˘/ 儩xi;"#Мv%*'L݇|jGVQ=/YQSfa "Ԗwkq5\`EY;[}n)'Ș-qVCY=w7䚢#݀ޭnF+ F vo(0f4gۢ-Rxsֽm?UNg?b:skx豸< QB|l8pL )ԨuUJ*~e::{oR64F@2<"C8\bS>ztV{PBK&nƚ767/=Od"9ym2$8z0JM;%95$_ۂ3Jnyb۴s:i&2106y-0P>O\մr ,09W>|6Œu8YW[?g`̦sk`p1\EAnc>֍ۙ'e*r1_?J= [L4G@V1-0=̞̝A mۨX9)6?b(vPJ`Y V8g;}DC8ߊIjfR΁MOT*%0=k@" c]f.g|]٘z4> ʀkxG2c7(Ъ6#iB/%e.N1)Q(&v}j;_&I|SeYȣV)+Y+TuRaoaqVZʑF3HU5E࣏M#/ PNkZ[C^$}T>UAU?JM_-UղR?YTAteU1n?mVPVW`Zd&{\%\3Li0o)Q멋A fT]Z/)+iQ/ ~ dwm PG c[,B(5@ E D@D;n?% ?S-l8-F:w~ݕDw;tZCR>i/6/: ?Nٿ:N00vY?0KKxi/R!)X|xxْ:m~61zˁNIM$(Xq,I!s^>ju.Km}ڏ"8-odF4zw/ΥI{͏e[J:^9"!5;/YF^99o7OM1k0fhRbQ1fF<$FD!B2.V3 N/Ns>\zF_kj,8Eψa6Z4kΊG( V`!w1t|PZ# (ʑ=`=`VVwu .f_d@Anp+z!NU HE*e4ДKe=:)KCT䵴f[YUHO~D!qbwyAH0GW吜Ճ~q]ȩzpPuwX̧{E~"rFntL7ÝԎ+^@(NEVu2kx'_YN.t0믁 89]cΓdtWcT1;>^Y ]s>ͥ=`L̴M\gwhNPD(Vp9c㻞Xn*/q)yy{do&})s'AuhaJwfimԕŞ`4 ݣovV:}i?vݷ;޽s¾"CWq :i)`* 94XhHn X"2NIJa'>8zdM#}ݾJfyӼ4hɘAhl7B_7nC]`l]sT xBo~ˤa ]ek{*{w}wo]VZtC.qD d/)$%ϓE Lju OKt1ڬ/ۥ{H?vV5BĬxBwdOc@/mvx1t` AAXŀ0!Vo lϸG s8<OFeuw#S'gSc3/HF#xgyS/6-lF@|P;a *|b1 \<e&qFL|}rx|SqzL7V_N7\PGgsJ {>|Ӆz|)+-Ȯqhx)H_Hq~ _1)zOfx?tə~GA_ Rpwi0VE db^Zu *| NM \W& gw[H̞&G T!g+ikRuL$VJ,CaqX8b:S*6HK* /ɔNeVJn@ݯ&;e4 *]y%.r5r*l:/>}.L'2ߔDrg~Sym'o]ÿ`ؠҶ:"i-嗟[M̼ <+q#u RNtF"h8GH!/O!G<<^V$Eݔ*/a?HW. OP5-N_,HAj9H8,aE ab)!n>JjmS8S:eKDJN]8~q7W7W7W7Wwuu\Wg^FY&L$pf ' oJXw)^;pHI:ᯧcӬ@i_xQml\ua1'd;Vb̸"a]X顄KhƑȏ޾;YhԄ ҅w`Ipa!a}H*4iWKbgh`Cr|u 65 mD'g!nq'x< t@LZCA:a }j^t"܂@Ahʱ-hO$G/nL/j;1NFNsS) UHQ8[LC[`B5:$1"#1 Pn"c}%SiL&cno_.U7KG߭dtn1^MկLH7m8/=iJ`BÂN6ON] =\NFf?fᣘ5X'5>‹%+WׄKػ%?fyF866A]CC((((r_-U\]J=kXPҥ>#֟PXa&^T17/L{=]pf>EbX@'`D~ "_x&| A"Z<'͡c°,HUi; {9CUHaoƟ8O0Bn-Fu%[ݼѓsgɚ n 1ÇŒ $l#O7=F{S\~438sy'+7Ŗ%4r}^uGL۹6;A}J)gRlZIHx}t1 B<Ю_T&xߔQ4#>\*o ,]WSm銺,Im1F-DR7ݦPH_oMŽ03,ԩImtΖH D8$'ċc! +EFyН;:Ϣ^=TZX);v HK6w/zj N= z!(g ƗY'dZIHgcS8#{c4cT2,,)Rdf[X!ր=yIv|wouv1M ASp\|@Q뛗H=Xݷ$6>̫=״d=I_E [-{8Rxz1 Cv1G6˜.NuwN# vPVbkFʼnܳExȶ]?Sڞ`܀V*ZWIUFVPhs| ϞE3* I7!~^G%Hc+up'{QS ΰ6$o,S`', h6E7uf`a3ط/0I_7nVmL=Gm߿߉b!?XSC ߉nk>I8O:^&dQkBx8n g{{[M$?]"Mlv;" ?(F]{F9-0 /2n?LF~_(R^q%odPb}O4#zne@]oPYя TmS_N|gGE*!a7R0m+` ScWF%3z J 0۟AX^qS3&Ibm4#uT[QS[Z[#rd! `,%7vEaWW`8(ĒI g{(h#8࿬lqn/%(\93͒Eˉ.׊tMSc%5T*j~A0b?]ZX,:Ȓ~eL<^^A֋+ iM/"rRIoA$zTG@r,rRM2'=ɏ|^kik6j=!`5̣Zk]X;XifƲyj+n-浻5NϙܬDM%- ܮv=!5&<~mQNa]TXX\#}y ]lkTp*Bק6:F̽O%2MĐun9JJYTjG^SUqqݗǮ4U0}jeo,V ;T3kq ķ ,T_H֞uζ|?yrY/*ۺoIt=\*!EOft"3LtxZڊRB{?~+roa>:(-^a̷UKphkY\+襃ڕ'1b?evѯ$x^jB_7"|tROO3':UKZth'&v* &tg|{ǘ"xxa aF a?ϪͲ;IoP}sY?e=a ' 2u?|{qBJ=Jm~##dM-ã|U:i|%w҅n,IMC6ߵ|L`D>8Eg :ᛒWZ-ɥF/|T3/b#-Ѩ#>IU11K= o~{@ܣq 81q,-D|E|z['AU}>l1AFhb#HB0\ǍM9'yo_*<>wg-d=:}GT  ^Z4˻ߩ1q>9 (yl0W)^@  [zqeL\w$A~!M}CcPx- rH8GLϷF}(% cDRw.sO0 ឩxTHVdL4"&(qTi+$<49࿿_zLiJ % œ 5"  By;%HJ 1шb1j=^r {fbi=r6z1^G>u;WLQXj*!b3wȧ^}98+=13l $ZU,AS "PF: 1C(^jJ͍$u~f6fzp"(3[]ă0>]S(OpW'NCj}`bZ\]:ovNի'P=:YXBj@̐0د?>&).yci 8^yN4xPZ !oX62 =<RXX_1[U=LꚂOJBveX z!~Kwy@fE3{8~BOSz% %uW0`A i2bg4t\K -C#&a@}lFLyuuvI^ۤwrݹw}޽SP֊E_en՝nIi}uݹcHfbv>4m+LJrY:2 ͋6Sfr?sm.4 "Ǹ;ρWγ}QX\m_;#U6jWzu7M& Bfu|j%6N#g5^L#'uԦF(h7q`1D*'M&7bS>oI]hD&5+<v<)r_rʯz}IwS__9'P~sC9?/?gViC:9CL2^S?/?9ak\ȃȡ">E9yyß(9_~O9gP~S(GN_^%e\]_O7GtAtsU\W9_\O{99k}G௏9 ?~rC(+h&࿛Ku3Ay3GΚWpz~;}sS^.4s\}~)P9P* ~2*ΕR+@^W~ KJ+ťfW*7yKxM}%k{[Z1iu}חG{1*,xW& )htVydS˼=>w懴Ixմ] &J2˯-cENZ9.~QFxdB$dZc+mFDgc?'%Y#/ܻGzʉnS'/\2fA<'Ԏ =PW].6pqS0n/, 4` }ExvY^]Yj7m!ϋ9y}2oفOh] ߊč,{ %h_10(\χ>ecc>m=]wrl#kvܙetej"d`+k&g2xsz_L&)Ҵ)."ʌ˟$41n_s˙=HcJ]N90Da0'+xVb;`Qd/I'C׽~rh`=E(͂|\k<##1苌Y Mc{Vkͅ*u8w i!wRF _8 bsފjd!׶+2}jSo:h}r;W3eo,"m,?hPxUE'0P$=CfJ10L9F{&A}F垓gg_5b Gy&3@p6+ V_dvO~%B+*π 8>eCgIrT~{J}*P=eZPO:] v"8%Yz'{io=G}c_VeńK!8F1dwD.L%Cb9G$]! ""_S a;oily㲁e":}`S so#gTÉtt3SE?-;waSF)f'VFp)hDN<}y<٢uKğ?X \ cwHV&K0Su ѫv>cx 'Lu65Tc *|?OGe Lt8͡o0kn>7q$LsizQڃ`+슧q?d|E#bSp!@pM֧2QTĻ Q)ۉYj%xd휙/699jE Ǣ8&U];#66sQ/¼uGW=Q'nalh[d%+^FH%!Ҷ\)Vcʥ.Sܟ?BKa҃fFHWk,^zXٻbm>n)ZF#,c-ԭ<P8_C~c.vjmnJQXƺa#¶u4mщo߉n^3Qa[O_xYL+ 52lt* X>!ˣŬ"D0Ȯ'Z:rsh;h۟3TFX6c?tCf *$@˽]^g*a7:#/ah8`yj3Sq2$Y":xqeQVt*NzvV?Pv/isTO7uG?;%o:ˌRh\*.Ioڝg'unɇݏ-)h,)ZN΂`R)Xfչ|C&ȕ/g2F#|oUAYf]*Z5Nj|ӷۊ#iQg8&rYOZiKmw9n~뉘h6JM? ۔̡9MR"Zi/!zR<>էr09d֊V&|&Z2cˤ_ ll9*