A screen name once connected to animated TV dad Homer Simpson is being used to spread malware. In a 2003 episode of The Simpsons, writers revealed that Homer’s e-mail address was firstname.lastname@example.org. Prior to the episode’s airing, the address was registered by one of the show’s writers, who used it to answer hundreds of e-mails from Simpsons fans.
Years later, the chunkylover53 screen name has resurfaced, and it’s now being used to distribute a trojan disguised as a Simpsons movie file.
According to FaceTime malware research director Chris Boyd, chunkylover53 is sending out auto-reply messages to users that promise a special exclusive episode of the show available for download. The link in the message leads to an executable file. Upon launching the trojan, the user is presented with a fake error message, which is followed by several real error messages and, finally, a blank screen. Upon restarting, the system will run noticeably slower and be prone to crashes.
Boyd found that the malicious payload delivered by the trojan includes a rootkit and remote control software that logs the user into a botnet. The malware was traced back to Kimya, a Turkish botnet that has been infecting machines for the last four months.