Paris Hilton's Site Attacks Visitors
— -- Paris Hilton's official Web site is serving up an unexpected surprise, according to Robert McMillan of the IDG News Service. The hacked site attempts to infect visitors with a Trojan in what sounds like a classic drive-by-download attack. As of yesterday, the site was still attacking visitors, and you shouldn't attempt to visit the site yourself.
If you read my listing of the most dangerous security myths, then you'll recognize this as just the latest example of why you can't stay safe online simply by avoiding suspicious sites (and while the non-hacked Parishilton.com might prove dangerous to your IQ, it won't usually hurt your PC). No word on just how the site may have been compromised, but hackers typically exploit software flaws with database input fields or homegrown applications to insert their own malicious, hidden code on otherwise benign sites.
Happen across a site infected with such code, and you may suffer an attack without ever knowing it. In this case, McMillan says you'd see a pop-up prompting you to download additional software to view the site, but whether you click yes or no the attack code will attempt to download a Trojan onto your PC.
As I mentioned in previous posts, your best defense against these types of attacks is to first keep all your software up-to-date, including the normally buried ActiveX controls and browser plug-ins that attacks like these frequently target. I use the free Secunia PSI to make that task easy.
That will protect against the behind-the-scenes attacks that attempt to use unpatched holes on your PC to download malware without your knowledge. To guard against social engineering attacks that attempt to trick you into doing the dirty deed (like the described pop-up that tries to get you to download malware masquerading as a "site enhancing" add-on), double-check any download by sending it to the free Virustotal.com site.
McMillan writes that 12 of the 37 different AV engines used to scan files sent to Virustotal.com flagged the Trojan distributed through the Parishilton.com hack - which means that if you used Virustotal.com you'd get fair warning, but if you only relied on your AV program it might slip by.
