Paris Hilton's Site Compromised

Identity thieves hacked the website of the Hilton hotel empire heiress, Paris Hilton, and used it to distribute a financial information-stealing Trojan. Visitors to the website were prompted with a malware-laden dialog box disguised as an update.

High-profile websites are always a target for identity thieves, because they offer a larger pool of potential victims. The names and status of celebrities, such as Paris Hilton, are also continually used in spam and phishing campaigns. This latest attack was first identified by Web security company ScanSafe on January 9, but the company's researchers say they are not certain when it actually began. According to them, the cyber-criminals succeeded in embedding a rogue iframe into the website, through which a variant of the Zbot (info-stealer) Trojan was distributed.

Zbot is a Trojan designed to steal online banking information that also features a rootkit component. The malicious application injects code into several legitimate Windows components, intercepts network traffic and keyboard input, logs clipboard contents, redirects traffic, and is also able to download and install additional malware. The fake update prompt displayed to visitors of ParisHilton.com pushed the download of the Trojan regardless of whether it was accepted or cancelled. There is no precise information regarding how the website was compromised, but Mary Landesman, senior security researcher at ScanSafe, speculated in a phone interview with InformationWeek that a vulnerability in the Joomla content management system might have been the culprit.

A similar incident was recently reported on the website of Major League Baseball (MLB), but unlike that drive-by attack, the Paris Hilton incident did not give users the option to ignore the dialog box. The dialog box had to be clicked in order to continue browsing the website, which effectively forced users into downloading a malicious PDF file.

The malicious PDF file exploits a vulnerability in Adobe Reader that was patched in November, and, when opened, it downloads and installs additional applications. Ms. Landesman said that the malware downloaded in this case was not detected by all anti-virus products.

The issue was corrected on Tuesday, and the website is now clean. However, this is not the first time that Paris has come into contact with hackers. Her T-Mobile phone account was compromised in 2008, and private data as well as photos were stolen. In addition, hackers also bypassed the security of her Facebook account and gained access to personal pictures.

Naked celebrities on LinkedIn lead to malware

A blog post by our friends at Trend Micro caught my eye this morning, and got some of the guys inside SophosLabs looking a little closer at some of the profiles listed on the business networking site LinkedIn. It's astonishing how many people signed up on LinkedIn have words like "nude" and "naked" in their job title. It's possible that some of these are genuine (for instance, the person who claims to be the Chief Nude Parachutist at a New York-based company), but many of them are not.

For example, I think it's very unlikely that Paris Hilton works for a firm called "company B", or that she would want to post links claiming to be of her notorious sex video. Another celebrity who has fallen foul of a private home movie becoming public is Kim Kardashian. It seems that the hackers who have peppered LinkedIn with fake profiles also believe that people will be searching for videos of her, and so they have created a page for her too.

Other names (of various levels of fame) with fake profiles on LinkedIn include Jaime Pressly, Christina Aguilera, Keri Russell, Zooey Deschanel, Lizzy Caplan, Brooke Hogan and Tila Tequila. Some of the links contained in these profiles are currently down, but SophosLabs can confirm that as recently as January 1st 2009 the malicious Troj/Decdec-A JavaScript code was being found on them, downloading further malware onto visiting computers.

It's a shame that LinkedIn isn't keeping a closer eye on clearly bogus profiles being created on its site. Certainly spammers, malware authors and other cybercriminals may be abusing the system to link to their web pages in the hope that it will produce a higher ranking in search engines like Google.