Hacked Super Bowl stadium site delivered malware
Discovered dasy bnefore the event and now reportedly resolved, a malicious Javascript file exploited two known Microsoft flaws.
The incident, discovered by San Diego-based Websense Inc.'s Security Labs unit, involved a link to a malicious Javascript file that had been inserted into the header of the front page of the site, with the intent of propagating malicious code on visitors' computers.
"Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004," according to a bulletin from Websense. "Both of these exploits attempt to download and execute a malicious file."
According to published reports, Dolphin Stadium representatives have confirmed that the site was compromised, but said the issue had been addressed and that the Web site no longer poses a threat. However, Websense said, the initial breach may have occurred more than a week ago.
The Web site is currently experiencing higher-than-normal traffic because of Sunday's event.
