Dolphin Stadium Sacked By Hackers

WebProNews Staff — Fri, 02 Feb 2007 19:40:49 +0000

Do not visit the Dolphin Stadium website. It’s been hacked with malicious code placed on the server, as security firm Websense Security Labs discovered.

There is a wicked little piece of JavaScript in place on the site in question. By visiting the site, the code gets triggered and a couple of exploit attempts commence. Websense reported more in their alert:

The site is linked from numerous official Super Bowl websites and various Super Bowl-related search terms return links to the site.

A link to a malicious javascript file has been inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

The file that is downloaded is a NsPack-packed Trojan keylogger/backdoor, providing the attacker with full access to the compromised computer. The filename is w1c.exe and its MD5 is ad3da9674080a9edbf9e084c10e80516

The first exploit focuses on a Microsoft Data Access Component flaw reported last April. The other exploit just received a patch in January, to correct a vulnerability in Vector Markup Language that could permit remote code execution.

Although the site owner has been notified, Websense has not seen the code being removed from the site’s headers yet. The exploits they have found affect Windows, but if the site has been hacked to place the JavaScript on it, the possibility exists that other malware affecting other operating systems, like cross-site scripting or OS-specific attacks, could be present.

—
Tag:

Add to Del.icio.us | Digg | Reddit | Furl

Bookmark WebProNews:

David Utter is a staff writer for WebProNews covering technology and business.

WebProNews » Dolphin Stadium

Dolphin Stadium Sacked By Hackers