Create an Account
username: password:
 
  MemeStreams Logo

Super Bowl XLI website owned

search

Acidus
Picture of Acidus
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Acidus's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Super Bowl XLI website owned
Topic: Technology 2:45 pm EST, Feb  2, 2007

Websense® Security Labs™ has discovered that the official website of Dolphin Stadium has been compromised with malicious code. The Dolphin Stadium is currently experiencing a large number of visitors, as it is the home of Sunday's Super Bowl XLI. The site is linked from numerous official Super Bowl websites and various Super Bowl-related search terms return links to the site.

A link to a malicious javascript file has been inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

Thanks to Jeremiah Grossman for sending me a message today bringing this to my attention.

Declan McCullagh posted some good resources about this. All are plain text and will not harm you.

The original HTML page with the nasty JavaScript
Nasty JavaScript file it loads
VBScript file which gets bootstrapped from one of the HTML files

Super Bowl XLI website owned



 
 
Powered By Industrial Memetics
RSS2.0