Via eWeek.com -
Bears, Colts and Super Bowl football fans everywhere beware.
Users browsing the Internet, perhaps innocently looking up a seating chart at Dolphin Stadium in Miami, could be in a lot more trouble than they would have ever expected.
Malicious code was discovered on the Web site for Dolphin Stadium, the location of this year's Super Bowl, reports Websense.
Websense Security Labs urged Web users to avoid that site completely until the site had been scrubbed cleaned of all destructive code.
The code, hidden under the file name "w1c.exe," initiates both Trojan horse and keylogging capabilities, potentially allowing a hacker to track and record keyboard strokes in order to steal credit card, Social Security or other user information.
The malicious JavaScript file was inserted into the header of the front page of the Dolphin Stadium site. Once visitors entered, it was designed to execute a script that attempts to exploit two known vulnerabilities: MS06-014 and MS07-004.
Both of these exploits attempt to download and execute a malicious file.
No comments:
Post a Comment