• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

REPORT: Super Bowl Web Site Compromised With Malicious Code

Posted on: Friday, 2 February 2007, 15:00 CST

SAN DIEGO, Feb. 2 /PRNewswire-FirstCall/ -- Websense, Inc. , has discovered that the official Web site of Dolphin Stadium has been compromised with malicious code. The Dolphin Stadium Web site is currently experiencing a large number of visitors, as the stadium is the home of Super Bowl XLI which will be played this coming Sunday, February 4, 2007. The site is linked from numerous official Super Bowl Web sites and various Super Bowl- related search terms return links to the site.

Websense(R) Security Labs(TM) discovered a link to a malicious javascript file that has been inserted into the header of the front page of the Web site. Visitors to the site automatically execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

The file that is downloaded is a NsPack-packed Trojan keylogger/backdoor, providing the attacker with full access to the compromised computer. The filename is w1c.exe and its MD5 is ad3da9674080a9edbf9e084c10e80516.

Websense has notified the owners of the Web site and advise users not to connect to the site, as it is currently still compromised.

Websense Web Security Suite(TM) customers are automatically protected from this threat due to the software's Real-Time Security Updates(TM) capability.

Websense used its patent-pending Websense(R) ThreatSeeker(TM) technology to discover the threat. ThreatSeeker scans approximately 600 million Web sites per week searching for security threats. Websense delivers preemptive protection from Web-based security threats -- threats typically missed or too costly to prevent using security technologies such as antivirus and intrusion prevention systems -- and protects customers before they are compromised and often before patches and signatures are created. As a result, organizations are automatically protected from the latest threats within minutes, without massive costs and administrative burdens.

More details on the compromised Web site can be found at http://www.websense.com/securitylabs/alerts/alert.php?AlertID=733

About Websense, Inc.

Websense, Inc. , protects more than 25 million employees from external and internal computer security threats. Using a combination of preemptive ThreatSeeker(TM) malicious content identification and categorization technology and information leak prevention technology, Websense helps make computing safe and productive. Distributed through its global network of channel partners, Websense software helps organizations block malicious code, prevent the loss of confidential information and manage Internet and wireless access. For more information, visit http://www.websense.com/.

Websense and Websense Enterprise are registered trademarks of Websense, Inc. in the United States and certain international markets. Websense has numerous other unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.

MEDIA CONTACT: Ronnie Manning Websense, Inc. 858 320 9274 rmanning@websense.com

Websense, Inc.

CONTACT: Ronnie Manning of Websense, Inc., +1-858-320-9274,rmanning@websense.com

Web site: http://www.websense.com/

Source: PRNewswire-FirstCall

More News in this Category