Homer Simpson accused of spreading malware

An screen name once connected to animated TV dad Homer Simpson is being used to spread malware.

In a 2003 episode of The Simpsons, writers revealed that Homer's e-mail address was chunkylover53@aol.com. Prior to the episode's airing, the address was registered by one of the show's writers, who used it to answer hundreds of e-mails from Simpsons fans.

Years later, the chunkylover53 screen name has resurfaced, and it's now being used to distribute a trojan disguised as a Simpsons movie file.

According to FaceTime malware research director Chris Boyd, chunkylover53 is sending out auto-reply messages to users which promises a special exclusive episode of the show available for download. The link in the message leads to an executable file.

Upon launching the trojan, the user is presented with a fake error message which is followed by several real error messages and, finally, a blank screen. Upon restarting, the system will run noticeable slower and be prone to crashes.

Boyd found that the malicious payload delivered by the trojan includes a rootkit and remote control software which logs the user in a botnet. The malware was traced back to Kimya, a Turkish botnet which has been infecting machines for the last four months.

The researcher told vnunet.com that it was unclear whether the malware operators have taken control of the chunkylover AOL account, or simply registered the screen name as an instant messenger account. AOL did return a request for comment on the matter.

Though the malware is currently only being spread by the chunkylover53 user name, Boys warns that the botnet itself could easily be called on to launch a much larger malware attack in the future.

"For now, this is a good reminder to be cautious when randomly adding cool things seen on TV and film to your online applications," said Boyd.

"You can't always assume the person at the other end is entirely in control, or indeed, related to what you're looking for in the first place."