Hackers targeted Superbowl-related websites last week in attempt to direct American football fans to sites hosting malware.

Sites related to the Miami venue of the NFL Championship game - www.dolphinsstadium.com and www.miamidolphins.com - were among a number of sites hacked into and modified to insert reference to a hostile script running on Chinese site www.dv521.com. The NFL's Superbowl.com website was not affected by the attack.

The hostile scripts took advantage of two Windows exploits in attempting to download a file called W1C.EXE from the dv521.com site, which contains the Wow-PK key-logging Trojan. The offending Chinese site was taken offline late last week after the attack was detected (http://www.websense.com/securitylabs/alerts/alert.php?AlertID=733) by net security firm Websense and before Sunday's game, where the Indianapolis Colts beat the Chicago Bears 29-17 in a rain-affected game. ®

Related stories

Cyber crooks hijack 10,000 websites (18 June 2007)
http://www.theregister.co.uk/2007/06/18/hijacked_sites_install_malware/
Gozi hybrid Trojan menaces the net (22 May 2007)
http://www.theregister.co.uk/2007/05/22/gozi_trojan_hybrid/
Fear and Loafing at RSA (9 February 2007)
http://www.theregister.co.uk/2007/02/09/rsa_fear/
Trojan downloader uses Zidane lure (17 July 2006)
http://www.theregister.co.uk/2006/07/17/zidane_trojan/
Premiership Excel virus debuts after season concludes (8 May 2006)
http://www.theregister.co.uk/2006/05/08/premiership_virus/
Janet Jackson's jub tops Google search list (22 December 2005)
http://www.theregister.co.uk/2005/12/22/google_search_results/
Beckham + strumpet pic actually Trojan (12 October 2004)
http://www.theregister.co.uk/2004/10/12/beckham_trojan_ruse/