Paris Hilton emails may be infected by a virus, Sophos reports

February 21, 2005 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have warned users to be wary of emails containing references to Paris Hilton after two different worms were discovered claiming to contain hardcore footage of the society heiress.

The W32/Sober-K and W32/Ahker-C worms can masquerade as x-rated videos of the popular celebrity.

The W32/Sober-K worm, which is spreading in the wild, bulk mails itself using a variety of different subject lines including "Paris Hilton, pure!" and "Paris Hilton SexVideos". It can send itself in either German or English, depending on whether it believes the recipient's email address belongs to a German or English speaker.

The W32/Ahker-C worm sends itself using the subject line "Paris Hilton...download it!" and an attached file called "ParisXXX.zip". The worm attempts to disable anti-virus and firewall software running on the computer, and blocks access to a number of websites, potentially opening up the PC to further attack by hackers and malware.

"It's an old trick but sadly it still often works - disguise your worm as hardcore porn and there are likely to be some computer users who will throw common sense out of the window and launch the dangerous file," said Graham Cluley, senior technology consultant for Sophos. "Those looking for the simple life, without the trouble of viruses and worms, would be wise to be wary of unsolicited email attachments."

Sophos experts discovered the worms on the same day that hackers were reported to have broken into Miss Hilton's mobile phone address book and published the private telephone numbers of celebrities such as Anna Kournikova, Lindsay Lohan and Vin Diesel.

"Paris Hilton is, according to some search engine companies, the most commonly searched for female celebrity on the internet. Interest in her is huge, so it's no surprise that virus writers have tried to use her as bait," continued Cluley.

Curiously, the W32/Derdero-A worm, which was also discovered today, can send itself using a variety of email subject lines including "AHKER.C Alert".

Sophos recommends companies protect their email gateways with a consolidated solution to defend against viruses and spam. Businesses should also secure their desktops and servers with automatically updated protection.