The official Web site of Dolphin Stadium, home of Sunday’s Super Bowl XLI, has been hacked and seeded with exploit code targeting two known Windows security flaws.
A visitor to the site with an unpatched Windows machine will connect to a remote server registered to a nameserver in China and download a Trojan keylogger/backdoor that gives the attacker “full access to the compromised computer,” Hubbard said.
Sources tracking the threat say the the hosted malware’s server host’s IP address address keeps changing. This means that unless the owner of the hacked site removes the malicious .js code and secure their server, exploits could start hitting unpatched visitors again.
The attackers are exploiting flaws patched in Microsoft’s MS06-014 and MS07-004 bulletins.
[Updated: February 2, 2007 @ 2:42 pm] The dolphinstadium.com Web site has been cleaned but new information suggests another variation of the domain, which redirects to the main site, has now been compromised and actively serving the exploits. “We’re not out of the woods yet. This is real-time and on-going,” a source said.
Websense has posted an advisory with screenshots.
The most important thing right now is to make sure your Windows machine is fully patched. Users can download and install the updates from Microsoft Update or the built-in Automatic Updates mechanism.
For original story: