NEWS FROM THE LAB - Thursday, January 15, 2009

Hilton (not the hotel) Compromised Posted by Sean @ 14:50 GMT

We've been reading reports regarding the compromise of Paris Hilton, err… parishilton.com.

A malicious IFrame was inserted on the site sometime last week. The IFrame content directed visitors to install "updated" software. Remember, if you must update an application to take advantage of a new feature, it's always advisable to go directly to the vendor's website in order to install it. (Most of our regular readers already know this of course.)

The offending IFrame appears to have been removed at this time. You can read more about the compromise here and/or here.

The infection of "Paris Hilton" highlights a popular trend among online attackers. Hacking a (trusted) name worthy site can yield many new victims. It's worth the investment of time. So there really is no such thing as a trusted site 100% of the time.

Would you like to spend the night at the Paris Hilton?

Paris Hilton, Paris