websense.com — Websense Labs has discovered that the official website of Dolphin Stadium has been compromised with malicious code. The Dolphin Stadium is currently experiencing a large number of visitors, as it is the home of Sunday's Super Bowl XLI. MS06-014 and MS07-004 exploits are used to download a payload of an NsPack-packed Trojan keylogger/backdoor.
Feb 2, 2007
thenativeraver Feb 2, 2007
http://The.Miami.Dolphins.JustGotOwned.com
knightblade2oo4 Feb 3, 2007
Well at least the site looks nice.
macewan Feb 3, 2007
@MikeZila, thanks for the laugh =)
@othertwo, I think you're missing the point of why the Mac is popular. Even though synaptic is great and we've got engage, udock, cairo-dock, GNOME-dock, and kiba-dock and on and on - Macs are pretty, easy to use, not Windows systems and come with access to great software.
justice7 Feb 3, 2007
@mooninite don't be a troll -- there have been many similar exploits for apache.
cytranic Feb 3, 2007
Man this is the worst misleading title EVER! When I read the headline, I thought someone hacked the Megatrons TV's, the Scoreboard and all the computers inside the stadium. All they did was hack the website...
jsusanka Feb 3, 2007
anybody that uses iis on a public facing website should consider a career change. windows is barely good enough for a desktop.
grumpyrain Feb 3, 2007
"For all we know, they may have left their server logged in."

You are suggesting that there are equal chances that the server had a security issue than they left their server logged in. This is simply not true.

No, I never said that they are just as likely. I suggested that we have no more *proof* that IIS is to blame for the compromise than lax user security. Who really knows? Did one of their laptops get pinched with the user having ticked 'save my password'? I can't tell.

> "(albeit not the most likely scenario)". The posters above tried to imply that IIS is the cause of this. I don't see how they draw the line.

Exactly, your scenario isn't likely. IIS being compromised is most likely and that is how they draw the line.

Here is IIS5 (http://secunia.com/product/39/?task=advisories). There are two known unpatched vulnerabilities, neither of which allow remote code execution (1 DOS vector, 1 log bypass vector). So the only way we can draw the line is if we are willing to accept that they have not patched their server. *But*, if you are willing to accept that, then why is it so hard to accept that one of the many trojans / viruses / keyloggers / etc was installed through some other attack vector? I find it more likely that some non-IIS attack vector could have been used, because clearly their patching regime is not up to date, and many more flaws have been discovered in the combined Windows and its other services than in IIS alone.

But if you will grant that it is possible to compromise an unpatched server, then running Apache could have been just as much a problem for them. And if as I suspect the web server was not the attack vector used (I have no scientific reason to suspect this any more than you have a scientific reason to not suspect it), then any web server any version could have been compromised.

A chain is as strong as its weakest link.

> If as you indicate they are still running IIS5, their upgrade and patching regime is probably not up to scratch. If that is the case, then any OS vulnerability, social engineering technique can allow a back door to be installed.

Sure but that is not what we are talking about here right? We are talking about IIS being the most probable cause of the issue.

> You can not compare IIS5 to 6 or 7 any more than you can compare the security problems of XP SP1 to 2003 server or Vista. Please don't take my word on it, but don't take the anti ms fanboys word either. If you want an honest evaluation on how secure a product is, look at the unpatched vulnerabilities and the time to patch. (http://secunia.com/product/1438/). Running an old unpatched webserver is not a good idea, even if it is Apache, especially for such a high traffic site likely to attract the interest of undesirables.

What does 6 and 7 have to do with anything? This is IIS5 and this is one of the very likely causes of the problem. Who cares if IIS6 or 7 are more secure? It didn't help these poor bastards did it?

It is certainly one of the key candidates, no questions there. But I fail to see how you would expect them to be running a fully patched OS but forget to run a fully patched web server.
yenster Feb 4, 2007
@cheez: Your Super Bowl seats are now somewhere in Zhejiang Province.