Celebrity web sites boobie trapped
Posted on | January 12, 2009 | add a comment
A new wave of boobie-trapped celebrity web sites is posing a clear and imminent hazard to starry-eyed Internet users. Be forewarned: ParisHilton.com is serving up a prompt asking site visitors to “update” their system in order to proceed on the site, says ScanSafe.
A viral pop-up box gives the visitor the option to click “Cancel” or “OK”; either choice downloads a data-stealer and backdoor that allows the intruder to usurp control of your PC and turn it into a bot.
ScanSafe is reporting sexy-celeb-photos.com is also serving up similar ruses. “Internet users should be especially cautious of security threats on high traffic and celebrity websites,” says Mary Landesman, ScanSafe senior security researcher.
The downloaded malware can also intercept and tamper with network traffic — bad for your employer. “This type of threat poses particular problem to the enterprise,” says Landesman, “as it can call into question the integrity and safety of all of their internal and external communications. ”
ScanSafe says the malware is still active on parishilton.com, and some 15,000 other sites are similarly compromised. Most appear to be small home user type websites.
“However, a high profile celebrity site collectively garners more visitors than all of the small websites combined,” says Landesman. “Thus it is particularly concerning when a highly trafficked site is the victim of a compromise – particularly one that is delivering such an insidious form of malware.”
Malware threats have increasing exponentially month-to-month. There was more web-distributed malware in July 2008 than in the whole of 2007. October 2008 was 21% worse. November was as bad as October and December didn’t show much improvement, says Landesman.
