Dolphin’s Stadium Website Hacked; Trojan Embedded

Just before Super Bowl weekend, when the Dolphin’s Stadium website was most likely receiving the highest amount of traffic all year, it gets hacked. Not only was it hacked, but it had a trojan embedded in to the code. If you’re running an up to date version of Windows or a non Internet Explorer browser, you should be fine.

The exploits in question are MS06-014 (from April of 2006), and MS07-004 (from January 2007). Both of the exploits are dubbed critical by Microsoft. To earn critical the exploit has to be able to execute arbitrary code on the victim. Not surprisingly, they attempt to download a keylogger/backdoor, thus leaving your PC wide open to the attacker. The file name it attempts to download is w1c.exe.

This honestly couldn’t have been a better time for the hackers to do this. This website is where you find basic information about the stadium, and the surrounding area. You can find your seats, and figure out where to park. I’m sure tons of Super Bowl fans were definitely affected by this exploit.

Discovered by Websense.