It seems as though Paris Hilton has been attacked – not in the streets, not in her home, not in her car, but through her website. Paris Hilton’s website has been infected with a virus which prompted users of the site to install a mysterious ‘update’. Whether the user then decided to install the update or not, the update plants itself onto the users computer and then goes about doing the virus dance.
The virus was discovered by the web security company ScanSafe on January 9, however didn’t actually get around to fixing the issue until a few hours after the news about the virus broke, four days later.
In a statement, ScanSafe announced that the website had been attacked by the virus, claiming that, “Hilton’s popular website, ParisHilton.com, has been outfitted with malware prompting site visitors to ‘update’ their system in order to continue navigating the site. When the bogus pop-up box appears, users have the option to click ‘Cancel’ or ‘OK.’ Regardless of which option they choose, destructive malware will be downloaded to the user’s computer.”
The senior security researcher at ScanSafe, Mary Landesman, stated that although the virus had compromised the website’s security, such attacks needed to be expected when the celebrity is so famous. “Paris Hilton’s site is currently compromised. We first encountered it on [Jan. 9]. We don’t know when it happened.”
“Their sites, because of their celebrity, are going to enjoy pretty heavy traffic. And they have an obligation to their fan base to keep it safe,” claimed Landesman.
According to figures released by Alexa.com, a total of 164,000 users have visited the site since the virus was found, however, the total number of users that have been affected cannot be known.
Paris Hilton has been a victim to other technical issues in the past, as her mobile handset was hacked back in 2005 and a number of private pictures and other such information were found and shown around the world. Again, in 2008, Paris’s Facebook account was broken into, again causing a bit of an upset.
To make the matter worse for visitors to the site that have been infected by the virus, the Trojan in question does not actually show up on many Antivirus software’s. Therefore, there will be a lot of computers out there that have the Trojan floating around their systems. The Trojan in question is the Trojan-Spy-Zbot.YETH which implants itself onto the user’s computer and then steals the user’s private online banking details and then also opens a door to allow other malicious codes to be downloaded onto the computer.
Landesman went on to discuss how the Trojan operates on the user’s system once either OK or Cancel had been clicked and the Trojan had been downloaded. “These exploit frameworks generally include a cocktail of potential compromises. The exploit being used appears to have been patched in November, but that has not been confirmed.” Landesman claims that way around downloading the virus is to perform a hard quit.