Paris Hilton’s Web site has been hacked and is serving visitors a malicious Trojan program designed to steal sensitive information from their computers.
The hack was discovered by security vendor ScanSafe, which said that Parishilton.com (note: this site is not safe to visit as of press time) had apparently been compromised since Friday. Visitors to the site are presented with a pop-up window urging them to download software in order to enhance their viewing of the site. Whether they click “yes” or “no” on this window, the site then tries to download a malicious program, known as Trojan-Spy.Zbot.YETH, from another Web site.
“The popup points to a directory on that Web site; that’s where the malware is being loaded from,” said Mary Landesman, a security researcher with ScanSafe. Once installed, the Trojan steals online information and tries to install more malicious software on the victim’s computer.
Landesman believes thousands of other Web sites may also be serving up this variant of the attack her firm uncovered. However, Parishilton.com, the celebrity’s official Web site, is the best-known target. “The big thing with Paris Hilton is the number of visitors that she gets,” Landesman said. “It’s always doubly concerning when we see a high-profile Web site get compromised.”
To make things worse, most antivirus products are not identifying the Trojan program being served by Parishilton.com. On Monday afternoon, only 12 of the 37 vendors tested by VirusTotal identified the Trojan.