Identity thieves hacked the website of Paris Hilton, heiress to the Hilton business empire, and used it to distribute a Trojan that steals financial information. Visitors to the website were presented with a malware-pushing dialog box disguised as an update prompt.
High-profile websites are always a target for identity thieves, because they offer a larger pool of potential victims. The names and status of celebrities such as Paris Hilton are also continually used in spam and phishing campaigns. This latest attack was first identified by Web security company ScanSafe on January 9, but the company's researchers say they are not certain when it actually began. According to them, the cyber-criminals succeeded in embedding a rogue iframe into the website, through which a variant of the Zbot (Infostealer) Trojan was distributed.
Zbot is a Trojan designed to steal online banking information that also features a rootkit component. The malicious application injects code into several legitimate Windows components, intercepts network traffic and keyboard input, logs clipboard information, redirects traffic, and is also able to download and install additional malware. The fake update prompt displayed to visitors of ParisHilton.com pushed the download of the Trojan regardless of whether it was accepted or dismissed. There is no precise information on how the website was compromised, but Mary Landesman, senior security researcher at ScanSafe, speculated in a phone interview for InformationWeek that a vulnerability in the Joomla content management system might have been the culprit.
A similar incident was recently reported on the website of Major League Baseball (MLB), but unlike that drive-by attack, the Paris Hilton incident did not give users the option to ignore the dialog box. The dialog box had to be clicked in order to continue browsing the website, which practically forced visitors into downloading a malicious PDF file.
The malicious PDF file exploits a vulnerability in Adobe Reader that was patched in November and, when opened, downloads and installs additional applications. Ms. Landesman said that the malware downloaded in this case was not detected by all anti-virus products.
The issue was corrected on Tuesday, and the website is now clean. However, this is not the first time that Paris has come into contact with hackers. Her T-Mobile phone account was compromised in 2008, and private data as well as photos were stolen. In addition, hackers also bypassed the security of her Facebook account and gained access to personal pictures.