Forum latest

Dolphins Stadium web site compromised by hackers
Written by Gizmo   
Saturday, 03 February 2007 21:15
Dunno if any of you saw this, but apparently the Dolphins Stadium web site was hacked back on the 25th of January, and the hack was only recently discovered.  The site was reportedly cleaned up and fully secured by Noon EST on Feb. 2.

The hack of the web site caused it to send a malicious payload to users.  The payload included a javascript attack against a pair of know Windows security flaws, one of which was repaired in September of last year, and the other of which was patched in January.  The flaw being exploited lies in the way Internet Explorer handles VML (Vector Markup Language).  Because one of the vulnerabilities being attacked wasn't patched until January's release of patch MS07-004, only people who are fully up to date on security patches or who disable javascript would be safe from the vulnerability.  Reportedly, peoply who use alternative browsers such as Firefox or Opera are also not vulnerable to the attack.

Once the attack is successful, a keystroke logger and backdoor are installed on the compromised system, allowing the attacker to gain passwords and control over the system.

San Diego-based security outfit Websense advises that anyone who visited the Dolphins Stadium web site and did not have the latest security patches installed at the time should run a security scan of their machine.

Comment in the forums!

Don't Click Here Don't Click Here Either