We’ll always have Paris..

Maybe there are signs emerging that Lara Croft actress Angelina Jolie is no longer the sweetheart of malware authors.

Although recently we have seen a stream of Jolie-related malware campaigns (often spelling her forename Anjelina, and offering XXX-rated free naked videos of the mother of Brad Pitt’s children), a new attack is being seen right now exploiting the fine name of celebrity airhead and hotel empire heiress Paris Hilton.

The emails, which arrive with a subject line like “Paris Hilton Free Video”, have a message body including a clickable link entitled “Paris Hilton Scandal Home Video!”.

Sign up to our free newsletter.
Security news, advice, and tips.

If the very thought of checking out Paris’s scandalous home videos gets your mouse finger all-a-twitching then you may find before you know it you are downloading a file called Paris-nude-video.avi.exe.

The good news is that Sophos is there to save you, detecting the malware proactively as Mal/TibsPk-F.

The modus operandi being used by the cybercriminals here isn’t unusual. As we describe in the recently published Sophos Security Threat Report we see many examples every day of the bad guys spamming out emails, containing links to malware on websites.

The fact that 90% of malware is found on legitimate websites that have been hacked underlines that it’s essential to not only protect your email from malware, but your web browsing too.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.