Mega-events are high-security animals. When something like the Super Bowl goes on in a city, everyone from the local Sheriff to the FBI and Homeland Security are involved in keeping the visitors and fans safe from any real or perceived threat imaginable but, the digital world isn't quite as safe. Someone forgot to lock up the website belonging to Dolphin Stadium, this year's Superbowl host. Websense warns in a
threat alert, "A link to a malicious javascript file has been inserted into the header of the front page of the [Dolphin Stadium] site. Visitors to the site execute the script, which attempts to exploit two [recent Windows] vulnerabilities:
MS06-014 and
MS07-004. Both of these exploits attempt to download and execute a malicious file."
What a reminder that exactly this type of site presents a disproportionate security threat. When a site that has a relatively low volume of traffic on average becomes host to a large swarm of users, it also drastically increases its threat profile.
Translation: You might as well paint a target on the side and hand out boxes of bullets. ZDnet
adds that the official Dolphin Stadium website has been cleared of the exploit but also cautions that a site with a simillar name was targeted and hasn't been fixed or taken offline.
