October 2003
Movie subtitle encloses virus
Romanian virus author uses Tarantino's new success
Bucharest-based antivirus producer, BitDefender, has identified a new backdoor (spying program) which conceals itself in a DIVX movie subtitle archive on the Internet. Details inside the virus body may indicate that the author is a Romanian fan of underground music.
"It tricks users into executing the backdoor, using the name of the movie 'Kill Bill'. The ZIP file was specially crafted, so most antivirus products will not identify the file inside as executable", Mihai Neagu, Virus Researcher at BitDefender Lab, said. "The backdoor sends network and internet passwords, as well as statistical system information by email, to the virus author", Mihai added.
The e-mail message looks like this:
From: BUG_Mafia@as.ro
To: mandaril@as.ro
Subject:#2.02dev
X-Mailer: bugmafia v2.02dev
"There is no reason to believe that there is any connection between the Romanian hip-hop band and the virus writer", says Mihai Radu, Communication Manager for BitDefender. "Still, there was a famous version of SubSeven (the legendary backdoor) which included references to BUG Mafia. The authors of the two viruses might be connected, but this is just speculation, at least at this point", Radu concluded.
BitDefender specialists warned the Internet provider AS.ro about the e-mail addresses BUG_Mafia@as.ro and mandaril@as.ro (the latter possibly owned by the virus author). As a result of this intervention, the account mandaril@as.ro was deleted from the server. BUG Mafia were unavailable for comment.
"Of course, there may be other infected subtitle archives beside the one already identified, but at this moment, we don't have information on the virus circulation. We also have reason to believe that it will not spread widely", the virus researcher concluded.
"Kill Bill - Vol. 1", directed by Quentin Tarantino and starring Uma Thurman, Lucy Liu and Daryl Hannah, just opened at the box office with a $22.1 million debut (ASSOCIATED PRESS). The movie was rated R for its extreme violence.
All BitDefender users have been protected against the new threat since yesterday morning (October 16, 2003).
For details, please contact us or see the technical description.
For permanent protection, BitDefender Antivirus commercial solutions are available for sale at http://www.bitdefender.com/bd/site/buy.php for a starting price of USD 29.95.
About Bitdefender®
Bitdefender is the creator of one of the fastest, most effective and most internationally certified lines of Internet security software. Since 2001, Bitdefender has consistently been an industry pioneer, introducing and developing award-winning, innovative protection technologies. Today, Bitdefender technologies protect the digital experience of around 400 million home and corporate users worldwide.
Recently, the company has earned a series of recommendations from leading independent industry magazines in the United States, England and across Europe, including ConsumerSearch, Which?, Stiftung Warentest and Taenk. Bitdefender's antivirus technology has also achieved the best results in comparative tests run by AV Test and AV-Comparatives. More information about Bitdefender and its products is available from our press office for security solutions. In addition, Bitdefender publishes the Malware City blog, where it provides all the latest updates on security threats, helping users stay informed in their daily battle against malware.
