Super Bowl Stadium Site Hacked - Why Security Matters
Bad guys are not stupid. What they lack in morals they sometimes make up for in creativity and smarts. That’s why they can be so dangerous. Think like a bad guy: If you wanted to find a way to take advantage of a large public event in order to gain fraudulent access to thousands of (or more) individual computers so you could install keystroke logging software and trojan software to allow you to grow your rogue bot network, what would you do?
Well if it was today, maybe you’d think to yourself, “Hey the Super Bowl is this weekend. Let’s set up a fake site and trick people into going there with an email and screw ‘em all over.”
Or, if you were smarter, you’d just take over the server that houses the site for Dolphin Stadium.
If this doesn’t tell you why you should be focused on security, then what does?
The news item is here, and an advisory with a description is here.
The official Web site of Dolphin Stadium, home of Sunday’s Super Bowl XLI, has been hacked and seeded with exploit code targeting two known Windows security flaws.
In the attack, which was discovered by malware hunters at Websense Security Labs, the server hosting the site was breached and a link to a malicious JavaScript file was inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit the vulnerabilities.
According to Dan Hubbard, senior director, security and technology research at Websense, the malicious site hosting the script has been taken offline by law enforcement officials but the hacked Dolphin Stadium site - which is attracting a lot of Super Bowl-related traffic - is still hosting the malicious JavaScript.
A visitor to the site with an unpatched Windows machine will connect to a remote server registered to a nameserver in China and download a Trojan keylogger/backdoor that gives the attacker “full access to the compromised computer,” Hubbard said.
Oy. What’s it gonna take?
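A defender-side check for the change described in the news excerpt, where a link to an external JavaScript file was inserted into the header of the front page. This is an added example, not code from the post or from Websense; the host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site is expected to load scripts from (hypothetical allowlist).
ALLOWED_SCRIPT_HOSTS = {"www.stadium.example", "static.stadium.example"}

class ScriptAuditor(HTMLParser):
    """Collects every <script src=...> and whether it sits inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.scripts = []  # list of (src, in_head)

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.append((src.strip(), self.in_head))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def unexpected_scripts(html, page_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return [(src, host, in_head)] for scripts from hosts not on the allowlist."""
    auditor = ScriptAuditor()
    auditor.feed(html)
    findings = []
    for src, in_head in auditor.scripts:
        # Relative URLs have no host of their own; they load from the page's host.
        host = (urlparse(src, scheme="http").hostname or page_host).lower()
        if host not in allowed:
            findings.append((src, host, in_head))
    return findings

# Constructed sample: a front page whose <head> carries one injected script tag.
SAMPLE_PAGE = """<html><head><title>Stadium</title>
<script src="/js/menu.js"></script>
<script src="//static.stadium.example/lib.js"></script>
<script src="http://injected.example.net/3.js"></script>
</head><body><script src="js/footer.js"></script></body></html>"""

if __name__ == "__main__":
    for src, host, in_head in unexpected_scripts(SAMPLE_PAGE, "www.stadium.example"):
        print(f"unexpected script host {host} (in head: {in_head}): {src}")
```

Run against the page as served to visitors, on a schedule, so a change made on the server shows up even when the source repository is untouched.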

One Comment
Davis McCarn
February 5th, 2007
at 4:02am
So, let’s see……..
Despite being resource hogs that stick their fingers into every aspect of a user’s computer, neither McAfee nor Norton protects against Trojans for beans.
Even though the vast majority of “pirated” copies of Windows are the result of frustrated techs not having the legitimate copy which came with the Dell, HP, Compaq, or whatever, Microsoft won’t even let them have the Malicious Software Removal Tool which might knock out about half of the Bots in a couple of months.
Most ISPs and large financial institutions blithely ignore reported abuse or make it extremely difficult to report, and…
Nobody does a damn thing to inform the general public about the costs (pushing $300 per person in 2007) or what actually works to find and clobber the bad guys.
Geeze!
Occam’s Razor says that the bad guys have their hooks into the media and corporate America, with way more control than we’ll ever know about.