Saturday, July 12, 2008

Malware Targets Simpsons Cartoon Series Fans On AIM

FaceTime Security Labs writes in its blog about malware that's spread in AIM (AOL Instant Messenger) network. To be more exact spreader is username 'Chunkylover53' which has its status set to away and away message contains a link to a malicious file. So, what's so special with name Chunkylover53? Well, in one old episode of Simpsons cartoon series it was revealed that Homer Simpson's (one of the main characters of the series) email address was Chunkylover53@aol.com. This malware link spreading username may not necessarily be related to this email address in anyway but the 'Chunkylover53' name itself is enough to attract Simpsons fans and possibly make them add it to their AIM contact list.

In its away message 'Chunkylover53' adverts a link saying that by downloading its contents user gets "a new internet-only exclusive Simpson's episode that is only being released to the internet fans". According to FaceTime Security Labs user ends up with 'Kimya.exe' file that is in fact a trojan that among other bad things deposits the infected PC into a Turkish origin botnet.

Thus far Chunkylover53's away message has been changed a couple of times. It's also possible that party behind Chunkylover53 may use botnet to spread malicious messages or urls in IM network. Keeping that possibility in mind infected users are advised to keep an eye on all Instant Messaging activity until they can clean the infection from their computer.

FaceTime Security Labs identifies the trojan as Kimya.

No comments: