In an old episode of the Simpsons, Homer reveals that his aol account is ‘Chunkylover53′. Someone has gained access to this account and has posted in the away message:

 ’CHECK OUT THE NEW SIMPSONS EPISODE THAT WE’RE ONLY RELEASING TO THE INTERNET AIM FANS! BE THE FIRST TO EXPERIENCE THE MAGIC BY CLICKING THE FOLLOWING LINK: http://d4.myfreefilehosting.com

SELECT RUN, (or RUN from current location) OR save to DESKTOP and DOUBLE CLICK!

ENJOY, AND SEND US YOUR FEEDBACK!‘

This link points towards a kimya.exe (hmm, why would a video file be a windows executable?) My virus scanner shows this to be the trojan Truko-431.

As I doubt Homer Simpson is the kind of guy looking to mess up my system with malware, I wonder what kind of jerk would want to hack him? As I would assume that Matt Groening or one of the other Simpsons cabal created this account, has someone compromised one of their systems?

UPDATE:

Whomever has access to this account is now posting the following away message, probably because the first one was too obvious.


The link is now fixed everyone.

CHECK OUT THE NEW SIMPSONS EPISODE THAT WE’RE ONLY RELEASING TO THE INTERNET AIM FANS! BE THE FIRST TO EXPERIENCE THE MAGIC BY CLICKING THE FOLLOWING LINK: http://66.197.197.101/~ydelcom/Episode439.exe

SELECT RUN, (or RUN from current location) OR save to DESKTOP and DOUBLE CLICK!

If the hyperlink is unavailable to you, you can copy and paste it into your browser.

ENJOY, AND SEND US YOUR FEEDBACK!

I carefully downloaded this file, and it has an identical md5 hash as the originally posted kimya.exe. Are people really this stupid? Doing a whois on the ip address provided the email address abuse@hostnoc.net, and I’ve informed them about their service being used to spam trojan horses. So far exploration on this server hasn’t provided much of interest, but it’s still early.