Movie subtitle encloses virus

October 2003


Romanian virus author uses Tarantino's new success

Bucharest-based antivirus producer, BitDefender, has identified a new backdoor (spying program) which conceals itself in a DIVX movie subtitle archive on the Internet. Details inside the virus body may indicate that the author is a Romanian fan of underground music.

"It tricks users into executing the backdoor, using the name of the movie 'Kill Bill'. The ZIP file was specially crafted, so most antivirus products will not identify the file inside as executable", Mihai Neagu, Virus Researcher at BitDefender Lab, said. "The backdoor sends network and internet passwords, as well as statistical system information by email, to the virus author", Mihai added.

The e-mail message looks like this:

From: BUG_Mafia@as.ro
To: mandaril@as.ro
Subject:#2.02dev
X-Mailer: bugmafia v2.02dev

"There is no reason to believe that there is any connection between the Romanian hip-hop band and the virus writer" says Mihai Radu, Communication Manager for BitDefender. "Still, there was a famous version of SubSeven (the legendary backdoor) which included references to BUG Mafia. The authors of the two viruses might be connected, but this is just speculation, at least at this point", Radu concluded.

BitDefender specialists warned the Internet provider AS.ro about the e-mail addresses BUG_Mafia@as.ro and mandaril@as.ro (the latter possibly owned by the virus author). As a result of this intervention, the account mandaril@as.ro was deleted from the server. BUG Mafia were unavailable for comment.

"Of course, there may be other infected subtitle archives beside the one already identified, but at this moment, we don't have information on the virus circulation. We also have reason to believe that it will not spread widely", the virus researcher concluded.

"Kill Bill - Vol. 1", directed by Quentin Tarantino and starring Uma Thurman, Lucy Liu and Daryl Hannah, just opened at the box office with a $22.1 million debut (ASSOCIATED PRESS). The movie was rated R for its extreme violence.

All BitDefender users have been protected against the new threat since yesterday morning (October 16, 2003).

For details, please contact us or see the technical description.

For permanent protection, BitDefender Antivirus commercial solutions are available for sale at http://www.bitdefender.com/bd/site/buy.php for a starting price of USD 29.95.
