A hacker installed malicious code on the official Web site of Miami's Dolphin Stadium just before the Super Bowl, the Associated Press reported. The virus attack was designed to infect computers of football fans seeking information about the game.
Security experts said the hackers installed a key-logger to steal information and provide a backdoor to allow an attacker to remotely control a system. The attack was detected and the code was removed within a few hours.
Reports said the type of malicious software used in the attack was not difficult to detect and easy to control. It was not known, however, how many end user computers might have been infected.
The stadium Web site had been experiencing heavy traffic from people attending the game, as well as NFL fans linked to the site through various official Super Bowl Web sites.
Websense, the security firm that first reported the breach, said the attack involved a common type of Trojan horse program targeting Windows computers without the latest security patches. The program can give hackers full access to compromised computers through two vulnerabilities in Windows PCs, both of which have already been patched by Microsoft.
The first, discovered in April 2006, affects Windows Data Access Components, and the second, disclosed in January 2007, affects Microsoft's Vector Markup Language component.
The firm told the AP that it discovered that a link to a malicious JavaScript file was inserted onto the front page of the stadium Web site. Once a visitor unknowingly executed the script, it attempted to download and execute the malicious keystroke-logging file onto the victim's computer.
George Torres, a Dolphin stadium spokesman, said officials were alerted of the breach at about noon on Friday, Feb. 2. The site was fixed within three hours. The FBI is investigating.
