"Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004," according to a bulletin from Websense. "Both of these exploits attempt to download and execute a malicious file.
"The file that is downloaded is a NsPack-packed Trojan keylogger/backdoor, providing the attacker with full access to the compromised computer. The filename is w1c.exe and its MD5 is ad3da9674080a9edbf9e084c10e80516."
According to published reports, Dolphin Stadium representatives have confirmed that the site was compromised, but said the issue had been addressed and that the Web site no longer poses a threat. However, Websense said, the initial breach may have occurred more than a week ago.
The Web site is currently experiencing higher-than-normal traffic because of Sunday's event.