Super Bowl-Related Web Sites Hacked

The Web sites of Dolphin Stadium and the Miami Dolphins team, host to Sunday's Super Bowl football game, have been hacked, and malicious code on those sites have been attempting to infect PCs for at least a week, security experts said today.

The breach on the stadium site was discovered by automated tools at Internet security firm Websense on January 26, but the engineers at the company were not alerted to the problem until this week, when Websense customers complained that they were unable to visit the site. It was corrected this afternoon.

Websense published an alert on the hack earlier today, after first notifying the Miami Dolphins, said Dan Hubbard, Websense's vice president of security research.

The www.dolphinsstadium.com and www.miamidolphins.com sites were affected by the attack, as were mirror copies of those sites, such as www.proplayerstadium.com. Security experts strongly advised Web surfers to avoid these sites until the compromise was contained.

The NFL's Superbowl.com Web site was not affected by the hack, according to Roger Thompson, chief technology officer with Exploit Prevention Labs.

The Dolphins' technicians had the Web sites cleaned up by this afternoon, but visitors who had visited the sites over the past week could have had their computers infected, said Hubbard. Miami Dolphins spokesman George Torres confirmed that the Web sites had been hacked and subsequently corrected, but he had no further details on the breach. "We are working on the technology side to review all the code and do whatever we need to, on a security basis, to prevent this from happening again," Torres said.

The Indianapolis Colts face the Chicago Bears in the National Football League's championship game, one of the most anticipated sporting events of the year in the United States.

Malware Details

The Dolphins' sites were serving up malicious JavaScript code that exploits two known Windows vulnerabilities, Hubbard said. It then attempted to connect with a second Web server that installs a Trojan horse downloader and a password stealing program on the victim's computer. The Trojan horse program would allow the attackers to install malicious software at a later date, he said.

The Web site that loaded the malicious software is based in China, according to Thompson.

The Microsoft flaws that were exploited by hackers on the sites were both patched by October, but the breach was significant, he said.

"It's a pretty big deal," he said via instant message. "A lot of people check out football stuff at work, and I bet lots of companies are not patched, even through October."

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon