We have already observed that malware creators use any event, “true or fake” news as a social engineering technique to deceive users and install malware in their systems. One of the latest tricks we have seen is the use of one detail mentioned in one of the Simpsons episode, more specifically in Season 14 / 14-8 / EABF03 / The Dad Who Knew Too Little.
In this episode, Homer Simpson reveals that his email address is "chunkylover53@aol.com", and just as matter of interest, this address was actually registered by one of its producers, answering users as if he were Homer himself. For this reason, it is no wonder that many fans have added this address as a contact in their email service.
However, it seems that there are certain AOL accounts that are passing themselves off as the identity of Chunkylover53, in order to deceive users and make them follow a link to infect their computers with a malicious code which is being distributed with the following message via the instant messaging program AIM:
The malware has been detected as Bck/Turkojan.I, as it is a variant created with the Constructor/Turkojan mentioned previously in this blog.