Security news
Security news12 April 2007
Party girl Paris Hilton subject of Microsoft vulnerability spam attack Porn star Jenna Jameson's name also besmirched by malware authors
IT security and control firm Sophos is urging computer users once again to patch against a critical bug in how Microsoft Windows handles animated cursors (ANI files) as hackers exploit the problem by sending out emails related to professional party girl Paris Hilton and hardcore actress Jenna Jameson.
The emails claim to come from Nude JemmaJameson.com.
The spammed email messages have subject lines such as "Hot pictures of paris hilton nude" and contain an embedded image not of the celebrity hotel heiress but of pornographic actress Jenna Jameson. When clicked on, the image links to a website containing the malicious Troj/Iffy-B Trojan horse. The Trojan horse in turn points to another piece of malware which tries to exploit the Microsoft vulnerability.
The emails have a clickable picture of porn star Jenna Jameson.
This latest attack is believed to be by the same group of hackers that last week spammed out scantily clad pictures of Britney Spears to exploit the Microsoft vulnerability. It follows news that Paris Hilton and Jenna Jameson were seen celebrating the latter's birthday party together at a trendy LA club last weekend.
"The problem is that consumers and businesses may not yet have patched themselves against this vulnerability, and clicking on unsolicited emails like these could lead them to a nasty malware infection," said Graham Cluley, senior technology consultant for Sophos. "Microsoft issued a patch for the problem last week, but determined hackers look set on taking advantage of the security flaw for some time to come."
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.
Sophos experts note that this is not the first time that Paris Hilton has been used as bait in an attempt to trick innocent computer users into viral infection. Two mass-mailing worms that masqueraded as X-rated videos of Hilton were released in February 2005. The promise of glimpses of pin-ups like Britney Spears, Halle Berry, Avril Lavigne, Anna Kournikova, Julia Roberts, Angelina Jolie and Brad Pitt, Jennifer Lopez, or the stars of 'Sex and the City' have previously been used to help viruses spread.
Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, and spam.
Download now
- USA number 1 for malware and spam
- Huge surge in email attachment attacks
- Scareware makes users buy bogus products
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
