Super Bowl Trojan infects dozens of sites

By Staff 06 Feb 2007 | SearchSecurityChannel.com

Digg This!     StumbleUpon     Del.icio.us

The security service at Websense Inc. in San Diego discovered the Dolphin Stadium hack Feb. 2; over the weekend the SANS Internet Storm Center (ISC) in Bethesda, Md. found that at least 50 other sites had also been infected by a JavaScript keylogger.

The file was injected into the header of each site, executing and attempting to download a Trojan to the PC of anyone visiting the site. The Trojan attempted to exploit two known Windows vulnerabilities.

Experts at McAfee Inc. said the script and Trojan weren't sophisticated, but that placing it on the Dolphins Stadium site the weekend of the Super Bowl was extremely effective at spreading the malware.

The chief researcher at SANS ISC said all the high-profile sites had been fixed and posed no danger to visitors; managers of several of the sites couldn't confirm whether they'd been infected, however, and others did not return calls.

The original version of this story appeared on TechTarget sister site SearchSecurity.com.

Tags: Malware protection and defense strategies,  Data breach and leak prevention,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware protection and defense strategies Smartphone security software market shows strong potential for channel Trend Micro's Worry-Free Business Security 6.0 extends partner opportunities SenSage tapped to participate in McAfee's Sales Teaming Program Agilex partners with HBGary to offer security forensic, assessment services What is the future of antivirus or antimalware software? Checklist: Five steps to assessing a customer's antivirus protection Top security book excerpts of 2007 Virtual honeypots: Tracking botnets Tracking botnets Defending against bots Data breach and leak prevention Data protection fueled by data leakage prevention products and services Security channel can't ignore full-disk encryption products, services Vulnerabilities, regulatory compliance drive data protection market Sophos integrates encryption into endpoint, email security Maintaining your customers' security amid layoffs Making the case for 'live' incident response Mass. data protection law 201 CMR 17: How to get customers ready Data breach prevention techniques: Helping customers avoid data breaches PGP partners with Avnet to boost channel play Data protection services offer revenue for security solution providers

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary