× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. PCTECH
  3. February 2007

Super Bowl Site Trojan Aims to Nab Passwords

Brian Krebs
Washington Post

Super Bowl Site Trojan Aims to Nab Passwords
http://blog.washingtonpost.com/securityfix/2007/02/official_superbowl_site_p
ushin.html?nav=rss_blog

This story was updated at 3:02 p.m. Please read the entire post. -- The
official Web site of Dolphin Stadium -- the location of this weekend's Super
Bowl XLI game -- has been infected with a Trojan horse program. The virus
seeks to download keystroke-logging software on Windows machines if users
visit the site without the latest security updates from Microsoft, security
experts warn. 

Websense said the site still hosts the virus, and it advises people to steer
clear of the site for now. The Trojan tries to use two different exploits to
break into Windows PCs; one of them was fixed by a patch Microsoft issued
just last month.. It is clear that the bad guys are counting on major
traffic to the site this weekend. According to Websense, the site is
receiving a large number of visitors, thanks in part to some Super Bowl
search terms that prominently link to the site. According to Web
traffic-monitoring firm Alexa, the stadium site receives about 784,000 hits
per week.

If you haven't been diligent about applying Microsoft patches, please take a
moment to do that now by visiting Microsoft Update.

Microsoft always advises consumers to better protect themselves by visiting
only "trusted sites." However, this type of attack highlights that even
popular consumer sites can harbor serious problems. High-profile Web sites
like Dolphin Stadium's should do even a rudimentary security review to
thwart this type of attack.

Update, 3:02 p.m. ET: Stadium spokesman George Torres now says the site has
been cleaned up. I've confirmed his claims with a few outside experts. It
also appears that the same virus may have been seeded into other sites. The
main "podcasts" page on the Web site for the Center for Disease Control and
Prevention appears to have been infected at some point (ah, the irony). It
is unclear when that could have occurred, and it does not appear to be there
now. The folks at CDC are checking on the situation. There obviously are
multiple sites currently infected with this Trojan, so make sure you're up
to date on Microsoft patches.

This attack depends on the user allowing Javascript computer code to run in
the browser. I often plug the "noscript extension for Mozilla's Firefox
browser, which helps block this attack even on machines that do not have the
patch. 


Mike Grant
Bytware, Inc.
775-851-2900 

http://www.bytware.com


CONFIDENTIALITY NOTICE:  This e-mail message and any attachment to this e-mail 
message contain information that may be privileged and confidential.  This 
e-mail and any attachments are intended solely for the use of the individual or 
entity named above (the recipient) and may not be forwarded to or shared with 
any third party.  If you are not the intended recipient and have received this 
e-mail in error, please notify us by return e-mail or by telephone at 
775-851-2900 and delete this message.  This notice is automatically appended to 
each e-mail message leaving Bytware, Inc.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.