Dan Hubbard, vice president of security research at Websense, told SCMagazineUS.com that the most likely form of attack to materialise in the run-up to the Feb. 3 clash between the New England Patriots and New York Giants will be botnet-generated phishing emails delivered in messages with Super Bowl-related subjects.
The perpetrators behind the notorious Storm Worm trojan and botnet have unleashed several waves of holiday-inspired bogus email messages recently, and they may not be able to resist the ultra high profile offered by the NFL's championship game, he noted.
Additionally, Hubbard said, a number of domains with Super Bowl-related URLs have been registered, but the destination sites for these URLs have yet to materialise raising the possibility that a number of malware-infused sites will pop up in the next few days hoping to snare fans googling myriad Super Bowl sites.
While Super Bowl-related phishing emails and bogus game sites containing malware may be inevitable, perhaps the ripest potential targets are the largest legitimate Super Bowl websites – like the official game site (www.superbowl.com and the Patriots' website, which now are notching millions of visits per day.
Hubbard told SCMagazineUS.com that the increased sophistication and interactive functionality of the major Super Bowl websites also may have increased the vulnerability of these sites.
These official sites are constantly adding bells and whistles, including functions that encourage users to contribute content. These features are going up so quickly, essentially they are in beta and released at the same time,” he said, adding that Super Bowl site managers must be constantly vigilant in scanning their sites for vulnerabilities, keeping pace with would-be hackers who no doubt are doing the same thing.
Websense's Threatscanner system detected the malicious code and automatically generated a warning telling users to stay away from the Dolphins' site, Hubbard said. When a Websense customer asked the internet security firm to explain the warning, Websense posted an alert and notified Dolphins Stadium officials, who in turn notified the FBI.
See original article on scmagazineus.com
Odds favour Super Bowl cyberattacks, security expert says
By Jack Rogers on Jan 25, 2008 12:26PM