October 2003
Movie subtitle encloses virus
Romanian virus author uses Tarantino's new success
Bucharest-based antivirus producer, BitDefender, has identified a new backdoor (spying program) which conceals itself in a DIVX movie subtitle archive on the Internet. Details inside the virus body may indicate that the author is a Romanian fan of underground music.
"It tricks users into executing the backdoor, using the name of the movie 'Kill Bill'. The ZIP file was specially crafted, so most antivirus products will not identify the file inside as executable," Mihai Neagu, Virus Researcher at BitDefender Lab, said. "The backdoor sends network and Internet passwords, as well as statistical system information, by email to the virus author," Mihai added.
The e-mail message looks like this:
From: BUG_Mafia@as.ro
To: mandaril@as.ro
Subject:#2.02dev
X-Mailer: bugmafia v2.02dev
"There is no reason to believe that there is any connection between the Romanian hip-hop band and the virus writer" says Mihai Radu, Communication Manager for BitDefender. "Still, there was a famous version of SubSeven (the legendary backdoor) which included references to BUG Mafia. The authors of the two viruses might be connected, but this is just speculation, at least at this point", Radu concluded.
BitDefender specialists warned the Internet provider AS.ro about the e-mail addresses BUG_Mafia@as.ro and mandaril@as.ro (the latter possibly owned by the virus author). As a result of this intervention, the account mandaril@as.ro was deleted from the server. BUG Mafia were unavailable for comment.
"Of course, there may be other infected subtitle archives beside the one already identified, but at this moment, we don't have information on the virus circulation. We also have reason to believe that it will not spread widely", the virus researcher concluded.
"Kill Bill - Vol. 1", directed by Quentin Tarantino and starring Uma Thurman, Lucy Liu and Daryl Hannah, just opened at the box office with a $22.1 million debut (Associated Press). The movie was rated R for its extreme violence.
All BitDefender users have been protected against the new threat since yesterday morning (October 16, 2003).
For details, please contact us or see the technical description.
For permanent protection, BitDefender Antivirus commercial solutions are available for sale at http://www.bitdefender.com/bd/site/buy.php for a starting price of USD 29.95.
About Bitdefender®
Bitdefender has created one of the fastest and most effective lines of internationally certified security software in the industry. Since 2001, Bitdefender has been an industry pioneer, introducing and developing award-winning protection technologies. Bitdefender protects around 400 million home and business users worldwide.
The company's products have recently been recommended by numerous independent organizations in the United States, the United Kingdom and Europe, including ConsumerSearch, Which?, Stiftung Warentest and Taenk. Bitdefender's antivirus technology has also come out on top in tests run by major industry organizations AV Test and AV-Comparatives. More information about Bitdefender and its solutions is available via the Resource Center. The Malware City site also carries the latest news on security threats, helping users stay informed about developments in the fight against malware.
