14 DAY TRIAL // Microsoft vulnerabilities have become an inherent part of life to the extent where they have also managed to take the stage, well at least part of the stage, at the Super Bowl. Security company Websense revealed the fact that the official Web site of Dolphin Stadium had been hacked and compromised with malicious code.
The malformed javascript file inserted into the header of the front page of the website was designed to automatically execute malicious code on the visitors, via the MS06-014 and MS07-004 vulnerabilities.
"The web is being overrun by malicious security threats such as spyware and adware. Most of these threats are motivated by financial gain, with perpetrators trying to steal confidential information, trade secrets or make money through persistent pop-up advertising," said Graham Cluley, senior technology consultant for Sophos. "Websites related to the Super Bowl will have been a popular destination for surfers around the world in the run-up to Sunday's game, and a prime opportunity for hackers to protect the unwary. System administrators need to put measures in place to better defend their workers' PCs and their networks from attack."
Fans visiting the Miami Dolphins, hosts of Super Bowl, have been exposed to attacks. MS06-014 is a vulnerability in the Microsoft Data Access Components (MDAC) Function dating back to 2006. MS07-004 is a flaw in the Vector Markup Language. Both have received a critical severity rating from Microsoft, and patches are available.
"Malware today typically doesn't announce its presence. It could lurk undetected on a surfer's computer without them realising that it is working in the background, stealing information from them or exploiting their computer's resources," continued Cluley. "Workers who are given free reign to visit whichever websites they choose from their office desk are risking bringing malware into their organization."