Feeds

‘Kill Bill’ Trojan fails to rack up body count

Low risk malware poses as movie subtitle file

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

A new backdoor (spying program) which poses as a DivX file containing subtitles from the latest Quentin Tarantino film Kill Bill has been spotted on the Net.

The low-spreading Manda-A (AKA PWSteal.Salira) Trojan arrives as a .RAR archive with a malformed header. This archive, 35347 bytes in size, has a movie subtitle name Kill Bill.

Subtitles are used alongside DivX movie clip files to enable foreign language speakers to follow the plot of a film.

As a social engineering trick, sending infectious files that pose as movie subtitles would seem to be of questionable effectiveness. Indeed very few copies of the Trojan have been spotted so far, making Manda more of a curious nuisance than a serious threat.

Which is just as well, as the Trojan payload contained in Manda is quite nasty, according to BitDefender. The Romanian AV firm warns that some badly-configured archivers may execute the Trojan on a simple archive view.

"It tricks users into executing the backdoor, using the name of the movie 'Kill Bill'. The ZIP file was specially crafted, so most antivirus products will not identify the file inside as executable," said Patrick Vicol, virus researcher at BitDefender Lab.

"The backdoor sends network and internet passwords, as well as statistical system information by email, to the virus author", he added.

Details inside the virus body may indicate that the author is a Romanian fan of underground music, according to BitDefender. A technical description of the Trojan can be found here or from Symantec here. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.