Super Bowl Hack Exploits Unpatched PCs
The Threat
Using variants of malware that has been circulating in the wild for months, cyber criminals recently exploited Vector Markup Language (VML) file vulnerabilities in Microsoft Windows-based machines and infected the website of the Miami stadium that hosted the recent Super Bowl. The malware authors capitalized on these vulnerabilities to automatically load a malicious script that affords access to infected PCs. Although Microsoft issued patches for these flaws, any unpatched PC remained vulnerable.
The embedded JavaScript was initially found on the Dolphin Stadium website. The downloaded Trojan is a ZLOB variant that in turn downloaded malware related to the World of Warcraft account stealers that circulated a few months ago. An organized crime gang in China is believed to be launching these and related recent attacks, including one on a podcast area of the website of the Centers for Disease Control and Prevention (CDC).
After the initial report about the Super Bowl site, Trend Micro immediately issued updated pattern files to protect users from this malware.
The Implications
This development illustrates the renewed vigor with which malware authors exploit social engineering practices. Cyber criminals use almost every major holiday, event, or news item for their malicious purposes, and the Super Bowl is no exception. The continued use of this practice, along with the growing sophistication of Web threats like these, highlights the need for consumers and enterprises to use the best available protection practices and solutions, including keeping up to date on the latest threat technologies and techniques.
