Super Bowl-Related Web Sites Hacked
Super Bowl host sites can infect visitors with malware.
Robert McMillan, IDG News Service
Friday, February 02, 2007 12:00 PM PST


The Web sites of Dolphin Stadium and the Miami Dolphins team, host to Sunday's Super Bowl football game, have been hacked, and malicious code on those sites has been attempting to infect PCs for at least a week, security experts said today.

The breach on the stadium site was discovered by automated tools at Internet security firm Websense on January 26, but the engineers at the company were not alerted to the problem until this week, when Websense customers complained that they were unable to visit the site.

Websense published an alert on the hack today, after first notifying the Miami Dolphins, Hubbard said.

The www.dolphinsstadium.com and www.miamidolphins.com sites are affected by the attack, as are mirror copies of those sites, such as www.proplayerstadium.com. Security experts strongly advise Web surfers to avoid these sites until the compromise is contained.

The NFL's Superbowl.com Web site is not affected by the hack, Thompson said.

"If you go to the [Dolphin's] Super Bowl Web site with a Web browser that's not running the latest and greatest patches from Microsoft, you could get exploited," said Dan Hubbard, Websense's senior director of security and technology research.

Miami Dolphins spokesman George Torres said that the matter is being investigated.

The Indianapolis Colts face the Chicago Bears in the National Football League's championship game, one of the most anticipated sporting events of the year in the United States.

Malware Details
The Dolphins' sites serve up malicious JavaScript code that exploits two known Windows vulnerabilities, Hubbard said. It then attempts to connect with a second Web server that installs a Trojan horse downloader and a password stealing program on the victim's computer. The Trojan horse program lets the attackers install malicious software at a later date, he said.

The Web site that loads the malicious software is based in China, and was operating on and off on this morning, according to Roger Thompson, chief technology officer with Exploit Prevention Labs.

The Microsoft flaws that were exploited by hackers on the sites were both patched by October, but the breach is significant, Thompson said.

"It's a pretty big deal," he said via instant message. "A lot of people check out football stuff at work, and I bet lots of companies are not patched, even through October."