Super Bowl Web Site Compromised with Malicious JavaScript Code: Websense, Inc. Report

JavaScriptSearch
Monday, February 5, 2007; 03:29 AM

Websense, Inc. discovered last week that the official Web site of Dolphin Stadium had been compromised with malicious code. The Dolphin Stadium Web site was the home of Super Bowl XLI which was played Sunday, February 4, 2007. The site was linked from numerous official Super Bowl Web sites and various Super Bowl- related search terms return links to the site.

Websense Security Labs discovered a link to a malicious JavaScript file that has been inserted into the header of the front page of the Web site. Visitors to the site automatically execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

The file that is downloaded is a NsPack-packed Trojan keylogger/backdoor, providing the attacker with full access to the compromised computer. The filename is w1c.exe and its MD5 is ad3da9674080a9edbf9e084c10e80516.

Websense notified the owners of the Web site and advised users not to connect to the site.

According to the company, Websense Web Security Suite customers are automatically protected from this threat due to the software's Real-Time Security Updates(TM) capability.

Websense used its patent-pending Websense ThreatSeeker technology to discover the threat. ThreatSeeker scans approximately 600 million Web sites per week searching for security threats. Websense delivers preemptive protection from Web-based security threats -- threats typically missed or too costly to prevent using security technologies such as antivirus and intrusion prevention systems -- and protects customers before they are compromised and often before patches and signatures are created. As a result, organizations are automatically protected from the latest threats within minutes, without massive costs and administrative burdens.

More details on the compromised Web site can be found at http://www.websense.com/securitylabs/alerts/alert.php?AlertID=733

About Websense, Inc.

Websense, Inc., protects more than 25 million employees from external and internal computer security threats. Using a combination of preemptive ThreatSeeker(TM) malicious content identification and categorization technology and information leak prevention technology, Websense helps make computing safe and productive. Distributed through its global network of channel partners, Websense software helps organizations block malicious code, prevent the loss of confidential information and manage Internet and wireless access. For more information, visit www.websense.com.