IT security and control firm Sophos is urging computer users once again to patch against a critical bug in how Microsoft Windows handles animated cursors (ANI files) as hackers exploit the problem by sending out emails related to professional party girl Paris Hilton and hardcore actress Jenna Jameson.
This latest attack is believed to be by the same group of hackers that last week spammed out scantily clad pictures of Britney Spears to exploit the Microsoft vulnerability. It follows news that Paris Hilton and Jenna Jameson were seen celebrating the latter's birthday party together at a trendy LA club last weekend.
The spammed email messages have subject lines such as "Hot pictures of paris hilton nude" and contain an embedded image not of the celebrity hotel heiress but of pornographic actress Jenna Jameson. When clicked on, the image links to a website containing the malicious Iffy-B Trojan horse. The Trojan horse in turn points to another piece of malware which tries to exploit the Microsoft vulnerability.
"The problem is that consumers and businesses may not yet have patched themselves against this vulnerability, and clicking on unsolicited emails like these could lead them to a nasty malware infection," Graham Cluley, senior technology consultant for Sophos told DaniWeb, continuing “Microsoft issued a patch for the problem last week, but determined hackers are still trying to lure computer users with promises of nude pictures and look set on taking advantage of the security flaw for some time to come."
This is not the first time that Paris Hilton has been used as bait in an attempt to trick innocent computer users into viral infection. Two mass-mailing worms that masqueraded as X-rated videos of Hilton were released in February 2005. The promise of glimpses of other pin-ups like Britney Spears, Halle Berry, Avril Lavigne, Anna Kournikova, Julia Roberts, Angelina Jolie and Brad Pitt, Jennifer Lopez and the stars of 'Sex and the City' have previously been used to help viruses spread.