Sites scoured of malware after offsides hit

Dolphins' Web sites hacked in advance of Super Bowl

The Web sites of Dolphin Stadium and the Miami Dolphins, host to Sunday's Super Bowl football game, have been hacked, and malicious code on those sites has been attempting to infect PCs for at least a week, security experts said Friday.

The breach on the stadium site was discovered by Websense Inc.'s automated tools on Jan. 26, but the engineers at the company were not alerted to the problem until late this week, when Websense customers complained that they were unable to visit the site.

The dolphinsstadium.com and miamidolphins.com sites were affected by the attack, as were mirror copies of those sites such as proplayerstadium.com.

The Dolphins' technicians had cleaned up the Web sites by Friday afternoon, but visitors who had visited the sites over the past week could have had their computers infected, said Dan Hubbard, Websense's vice president of security research.

Miami Dolphins spokesman George Torres confirmed that the Web sites had been hacked and subsequently corrected, but he had no further details on the breach. "We are working on the technology side to review all the code and do whatever we need to, on a security basis, to prevent this from happening again," he said.

The Indianapolis Colts face the Chicago Bears in the National Football League's championship game, one of the most anticipated sporting events of the year in the U.S.

The Dolphins' sites had been serving up malicious JavaScript code that exploited two known Windows vulnerabilities, Hubbard said. It then attempted to connect with a second Web server that installed a Trojan downloader and a password stealing program on the victim's computer. The Trojan program would let the attackers install malicious software at a later date, he said.

The Web sites that downloaded the malicious software is based in China, and was operating on and off on Friday morning, according to Roger Thompson, chief technology officer with Exploit Prevention Labs Inc.

The Microsoft flaws that were exploited by hackers on the sites were both patched by October, but the breach is significant, Thompson said.

"It's a pretty big deal," he said via instant message. "A lot of people check out football stuff at work, and I bet lots of companies are not patched, even through October."

The NFL's Superbowl.com Web site is not affected by the hack, Thompson said.

Websense published an alert on the hack Friday morning, after first notifying the Miami Dolphins, Hubbard said.

Copyright © 2007 IDG Communications, Inc.

Where does this document go — OneDrive for Business or SharePoint?
  
Shop Tech Products at Amazon