Superbowl sites get hack attack



In a prime example of social engineering, hackers targeted the websites of Dolphin Stadium and the Miami Dolphins, host to last Sunday’s Super Bowl American football game, to post malicious code attempting to infect users’ PCs.

The breach on the stadium’s website was discovered by Websense automated tools on 26 January, but engineers at the company were not alerted to the problem until Websense customers complained that they were unable to visit the site.

According to Websense, users who visited the Miami Dolphins' Super Bowl website with a web browser not running the most recent patches from Microsoft could be exploited.

Websense said the Dolphins' sites delivered malicious JavaScript code that exploits two known Windows vulnerabilities, and then attempts to connect with a second web server that installs a Trojan downloader and a password-stealing program on the victim's computer. The Trojan program then lets the attackers install malicious software at a later date.

The websites that downloaded the malicious software were said to be based in China, and exploited Microsoft flaws that were supposed to have been patched by October.

The attack raised fears that the heightened interest in American football in the run-up to the Super Bowl, combined with some users’ still-unpatched systems, could mean a rash of Trojans being downloaded to corporate networks.

They should have seen this coming, I suppose, but the ingenuity of the ne’er-do-wells is almost admirable. Target the interest in the Super Bowl, hack the website, assume some corporate systems will be unpatched, and then watch those Trojans go to work. Brilliant!

What we need, in American Football parlance, is some equally strategic thinking to counter these offensive attacks with high-pressure defence.
