Friday, February 02, 2007

That's Entertainment: Malicious Website: Super Bowl XLI / Dolphin Stadium - UPDATE


Via the fine folks at Websense.

Websense® Security Labs™ has discovered that the official website of Dolphin Stadium has been compromised with malicious code. The Dolphin Stadium is currently experiencing a large number of visitors, as it is the home of Sunday's Super Bowl XLI. The site is linked from numerous official Super Bowl websites and various Super Bowl-related search terms return links to the site.

A link to a malicious javascript file has been inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.


Also, the domain to which the malicious JavaScript redirects for its exploit is registered in China, and is apparently being "fast-fluxed" (periodically changing its IP address to avoid take-down).

UPDATE: 11:25 PST: The website has now removed the malicious javascript code and is clean!

Update: 20:00 PST: The IP addresses were not fast-flux, as it first appeared. It has now pretty much been mitigated.
