Angelina Jolie calls in the lawyers?

Yes, it’s a picture of Angelina Jolie.

Yes, she’s lying by the swimming pool but appears to have left her costume behind.

Yes, there’s a link inviting you to “watch the video”.

Sign up to our free newsletter.
Security news, advice, and tips.

And, yes, none of this should be news to you – and we all should know that something ghastly will be waiting at the other end if you click on the link. It beggars belief that anyone other than Neanderthal man hasn’t learnt by now that clicking on that link wouldn’t be a very bad idea indeed. Regular readers of this blog already know the danger of those words “watch the video”.

But what’s interesting to me in this particular example is that the link points to what appears to be an established legitimate website for a firm of Long Island criminal lawyers.

Maybe if they look at their web logs today they’ll find a surprising spike in the number of people visiting their website today, and specifically downloading an executable that will compromise Windows PCs. Sophos proactively detects it as Mal/EncPk-DA, by the way.

90% of the websites that are hosting malware are legitimate sites that have been compromised by hackers. Maybe people should spend a little more time with their head in the web server security manuals rather than drooling over a sunbathing photo of Mrs Brad Pitt.

Are you doing enough to defend your webpages from a hack attack?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.