More than 15,000 Web sites have been infected with the same Trojan that has been by detected at Paris Hilton's Web site, ParisHilton.com. This certainly won't be the last time this happens this year.Casual news readers may see headline: Paris Hilton's Web site infected or Paris Hilton's Web Site hacked and go away with the thought that Paris Hilton's Web site was the target. It wasn't. Paris Hilton's Web site is a victim in all of this, and the real target is actually all of her visitors.
According to Thomas Claburn's story from Monday, a malicious iFrame was embedded into Hilton's Web site. This iFrame refers to another site that hosts the malware and displays a pop-up window prompting visitors to "update" their system. And whether a user clicks "OK" or "Cancel" -- they get infected with a Trojan. The only escape, ScanSafe security researcher told Claburn, is "CTRL+ALT+Delete."
The goal has been simple: leverage the trust of the Web site or the celebrity's name to lure potential victims to either hand over their log-on credentials or infect systems with traffic and keystroke loggers to do it.