The web server, which is hosted at the Miami Dolphin stadium (home of this Sunday’s Super Bowl), was hacked in order to take advantage of exploits found in Windows security holes.
In the attack, which was discovered by malware hunters at Websense Security Labs, the server hosting the site was breached and a link to a malicious JavaScript file was inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit the vulnerabilities.
A visitor to the site with an unpatched Windows machine will connect to a remote server registered to a nameserver in China and download a Trojan keylogger/backdoor that gives the attacker “full access to the compromised computer,” Hubbard said.
It’s a good idea to update your computer with the newest security patches, especially if you plan on visiting the Super Bowl web site. Experts have also detected the attack in certain government web sites, such as the Centers for Disease Control site.
[via ZDNet]
