A screen name once connected to animated TV dad Homer Simpson is being used to spread malware.
A 2003 episode of The Simpsons revealed that Homer's email address was chunkylover53@aol.com.
The address was registered by one of the show's writers prior to the episode's airing and used to answer hundreds of emails from Simpsons fans.
But the chunkylover53 screen name has resurfaced and is now being used to distribute a Trojan disguised as a Simpsons movie file.
Chris Boyd, malware research director at FaceTime, said that chunkylover53 is sending auto-reply messages promising a special exclusive episode of the show available for download.
The link in the message leads to an executable file. On launching the Trojan, the user is presented with a fake error message followed by several real error messages and finally a blank screen.
On restarting, the user's system will run noticeably slower and be prone to crashes.
The malicious payload includes a rootkit and remote control software which logs the user into a botnet. The malware was traced back to Kimya, a Turkish botnet which has been infecting machines for the past four months.
Boyd told vnunet.com that it was unclear whether the malware operators have taken control of the chunkylover AOL account, or simply registered the screen name as an instant messenger account. AOL did return a request for comment.
The malware is currently being spread only by the chunkylover53 user name, but Boyd warned that the botnet could easily be used to launch a much larger malware attack in the future.
"For now, this is a good reminder to be cautious when randomly adding cool things seen on TV and film to your online applications," said Boyd.
"You cannot always assume that the person at the other end is entirely in control, or indeed related to what you are looking for in the first place."




