According to Thomas Claburn's story from Monday, a malicious iFrame was embedded into Hilton's Web site. This iFrame refers to another site that hosts the malware and displays a pop-up window prompting visitors to "update" their system. And whether a user clicks "OK" or "Cancel" -- they get infected with a Trojan. The only escape, ScanSafe security researcher told Claburn, is "CTRL+ALT+Delete."
In the past few weeks we've seen a number of attacks targeting celebrity LinkedIn and Facebook accounts, as well as 33 celebrity accounts on the popular microblogging site Twitter.
The goal has been simple: leverage the trust of the Web site or the celebrity's name to lure potential victims to either hand over their log-on credentials or infect systems with traffic and keystroke loggers to do it.