Softpedia
 


January 14th, 2009, 09:34 GMT · By

Paris Hilton's Website Compromised



Paris Hilton's website was hacked
Identity thieves hacked the website of the Hilton business empire heiress, Paris Hilton, and used it to distribute a Trojan that steals financial information. Visitors to the website were shown a malware-pushing dialog box masquerading as an update.

High-profile websites are always a target for identity thieves, because they provide a larger pool of potential victims. The names and reputations of celebrities, such as Paris Hilton, are also constantly used in spam and phishing campaigns.

This latest attack was first documented by Web security company ScanSafe on January 9, but the company's researchers say they are not sure when it really began. According to them, the cyber-criminal succeeded in embedding a rogue iFrame into the website, through which a variant of the Zbot (Infostealer) Trojan was distributed.

Zbot is a Trojan designed to steal online banking information that also features a rootkit component. The malicious application injects code into several legitimate Windows components, intercepts network traffic and keyboard input, logs clipboard information, redirects traffic, and is also able to download and install additional malware.

The fake update prompt displayed to the visitors of ParisHilton.com pushed the download of the Trojan regardless of whether it was accepted or canceled. There is no precise information about how the website was compromised, but Mary Landesman, senior security researcher at ScanSafe, speculated in a phone interview for InformationWeek that a vulnerability in the Joomla content management system might have been the culprit.

A similar incident was recently reported on the website of Major League Baseball (MLB), but unlike that drive-by attack, the Paris Hilton incident did not give users the option to ignore the dialog box. The dialog box had to be clicked in order to continue browsing the website, which practically forced visitors into downloading a malicious PDF file.

The harmful PDF file exploits a vulnerability in Adobe Reader that was patched in November, and, when opened, it downloads and installs additional applications. Ms. Landesman said that the malware downloaded in this case was not detected by all anti-virus products.

The issue was corrected on Tuesday, and the website is now clean. However, this is not the first time that Paris has come into contact with hackers. Her T-Mobile phone account was compromised in 2008, and private data as well as photos were stolen. In addition, hackers also bypassed the security of her Facebook account and got access to personal pictures.

Update:
We have been contacted by Elin Waring, president of Open Source Matters, part of the Joomla! Project, who disputed Ms. Landesman's claim that a vulnerability in the Joomla! CMS was responsible for this incident. "The site [Paris Hilton's] is not a Joomla site nor (from a look at the wayback machine) has it ever been," stressed Mr. Waring, in an e-mail to Softpedia.


READER COMMENTS:


Comment #1 by: Joe on 15 Jan 2009, 14:02 UTC

Wow that Joomla thing is powerful, considering Hilton's site wasn't running Joomla. Your source for this article is not credible.


Comment #2 by: Andrew Eddie on 15 Jan 2009, 23:28 UTC

The site does not run Joomla. The only thing that is unclear is why the researchers came to that conclusion. It puts in question all their other findings since they got that simple fact wrong.

For what it's worth, all software has security issues, but Joomla is consistently rated as one of the most secure. We have a better response record for attending to vulnerabilities than Microsoft and Apple (less than a day for zero-day exploits) and other software projects in our genre.


Comment #3 by: Lucian Constantin on 16 Jan 2009, 08:40 UTC

According to InformationWeek, Ms. Landesman said that it "might" have been. Her theory is based on the fact that a vulnerability in Joomla! was involved in several similar recent reports.

Comment #3.1 by: Jessie on 22 Jan 2009, 20:17 GMT

Lucian, I agree. Ms. Landesman NEVER blamed Joomla. The people commenting on this story are FROM Joomla.


Comment #4 by: Andrew Eddie on 16 Jan 2009, 22:33 UTC

It might have been Firefox or IE, or Windows XP as well because they have also been involved in several similar recent reports. Just look at the source - it could be any home-brew CMS or blog arrangement. I'd be hard pressed to guess what CMS, if any, it was (looks more like something in the Wordpress genre, but there's not enough evidence to even guess that it "might be" Wordpress, or Drupal, Xoops, or Typo3, or Moveable Type, or Expression Engine, or ... you get the picture).

What this highlights is that researchers don't understand that web software is not like desktop software. There are so many more variables as to why something could happen (usually amounting to someone not maintaining their site - more rarely due to our code). However, the complete "absence" of the software that "might" have caused it leads me to question the credibility of the investigation as a whole.
