The Web sites of Dolphin Stadium and the Miami Dolphins, host to Sunday’s Super Bowl football game, have been hacked, and malicious code on those sites has been attempting to infect PCs for at least a week, security experts said Friday.The breach on the stadium site was discovered by Websense Inc.’s automated tools on Jan. 26, but the engineers at the company were not alerted to the problem until late this week, when Websense customers complained that they were unable to visit the site. The www.dolphinsstadium.com and www.miamidolphins.com sites were affected by the attack, as were mirror copies of those sites such as www.proplayerstadium.com. The Dolphins’ technicians had cleaned up the Web sites by Friday afternoon, but visitors who had visited the sites over the past week could have had their computers infected, said Dan Hubbard, Websense’s vice president of security research. Miami Dolphins spokesman George Torres confirmed that the Web sites had been hacked and subsequently corrected, but he had no further details on the breach. “We are working on the technology side to review all the code and do whatever we need to, on a security basis, to prevent this from happening again,” he said.The Indianapolis Colts face the Chicago Bears in the National Football League’s championship game, one of the most anticipated sporting events of the year in the U.S. The Dolphins’ sites had been serving up malicious JavaScript code that exploited two known Windows vulnerabilities, Hubbard said. It then attempted to connect with a second Web server that installed a Trojan downloader and a password stealing program on the victim’s computer. The Trojan program would let the attackers install malicious software at a later date, he said.The Web sites that downloaded the malicious software is based in China, and was operating on and off on Friday morning, according to Roger Thompson, chief technology officer with Exploit Prevention Labs Inc.The Microsoft flaws that were exploited by hackers on the sites were both patched by October, but the breach is significant, Thompson said.”It’s a pretty big deal,” he said via instant message. “A lot of people check out football stuff at work, and I bet lots of companies are not patched, even through October.”The NFL’s Superbowl.com Web site is not affected by the hack, Thompson said.Websense published an alert on the hack Friday morning, after first notifying the Miami Dolphins, Hubbard said. The NFL’s Superbowl.com website is not affected by the hack, Thompson said.Websense published an alert on the hack Friday morning, after first notifying the Miami Dolphins, Hubbard said. -By Robert McMillan, IDG News Service Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills Careers Security news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe