Superbowl Stadium Site Hacked

The website for Dolphin Stadium has apparently been hacked and is spreading malicious content, according to websense, and, on the front page a malicious javascript file is exploiting two vulnerabilities and is trying to install a NsPack-packed Trojan keylogger/backdoor. The two vulnerabilities are: Vulnerability in Vector Markup Language Could Allow Remote Code Execution and Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution.

Websense Security Labs has discovered that the official website of Dolphin Stadium has been compromised with malicious code. The Dolphin Stadium is currently experiencing a large number of visitors, as it is the home of Sunday’s Super Bowl XLI. The site is linked from numerous official Super Bowl websites and various Super Bowl-related search terms return links to the site.

A link to a malicious javascript file has been inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

The file that is downloaded is a NsPack-packed Trojan keylogger/backdoor, providing the attacker with full access to the compromised computer. The filename is w1c.exe and its MD5 is ad3da9674080a9edbf9e084c10e80516 Source: Malicious Website: Super Bowl XLI / Dolphin Stadium

They said they have notified the owner, but the malicious content is still being delivered. A screenshot is available on the websense site, do not visit the dolphin Stadium website, unless you want a hacker to get full access to your computer or you are sure you won’t be infected.