Paris Hilton's Site Attacks Visitors

Erik Larkin

Paris Hilton's official Web site is serving up an unexpected surprise, according to Robert McMillan of the IDG News Service. The hacked site attempts to infect visitors with a Trojan in what sounds like a classic drive-by-download attack. As of yesterday, the site was still attacking visitors, and you shouldn't attempt to visit the site yourself.

If you read my listing of the most dangerous security myths, then you'll recognize this as just the latest example of why you can't stay safe online simply by avoiding suspicious sites (and while the non-hacked Parishilton.com might prove dangerous to your IQ, it won't usually hurt your PC). No word on just how the site may have been compromised, but hackers typically exploit software flaws in database input fields or homegrown applications to insert their own malicious, hidden code on otherwise benign sites.

Happen across a site infected with such code, and you may suffer an attack without ever knowing it. In this case, McMillan says you'd see a pop-up prompting you to download additional software to view the site, but whether you click yes or no the attack code will attempt to download a Trojan onto your PC.

As I mentioned in previous posts, your best defense against these types of attacks is to first keep all your software up-to-date, including the normally buried ActiveX controls and browser plug-ins that attacks like these frequently target. I use the free Secunia PSI to make that task easy.

That will protect against the behind-the-scenes attacks that attempt to use unpatched holes on your PC to download malware without your knowledge. To guard against social engineering attacks that attempt to trick you into doing the dirty deed (like the described pop-up that tries to get you to download malware masquerading as a "site enhancing" add-on), double-check any download by sending it to the free Virustotal.com site.

McMillan writes that 12 of the 37 different AV engines used to scan files sent to Virustotal.com flagged the Trojan distributed through the Parishilton.com hack - which means that if you used Virustotal.com you'd get fair warning, but if you only relied on your AV program it might slip by.
