Media file malware outbreak plagues file-sharing services

McAfee researchers said they detected the most significant outbreak of the Trojan Downloader-UA.h on PCs since 2005.

McAfee researchers late Tuesday reported more than 500,000 detections of a Trojan horse masquerading as a music or video file -- a malware outbreak they described as the most significant since 2005.

In the end you're left with a fake MP3 file taking up space, a worthless MP3 player ... and more adware that successfully displays pop-up and pop-under ads.
Craig Schmugar, threat researcher, McAfee Avert Labs

Cybercriminals loaded the rigged MP3 music or MPEG video files onto popular file-sharing services like LimeWire and eDonkey, according to McAfee. Users who download and try to play one of the legitimate-looking files may get ads instead.

McAfee researchers said they tracked more than half a million instances of the Trojan, Downloader-UA.h, on consumer PCs since Friday. They rated the threat a medium risk, and said no other malware has received a risk rating that high in three years.

"This is one of the most prevalent pieces of malware in the last three years," Craig Schmugar, threat researcher at McAfee Avert Labs, said in a prepared statement. "We have never before had a threat this significant that arrives as a media file."

The files have names in different languages and vary in size. Some names include "t-3545425-lion king portugues.mpg" and "preview-t-3545425-theme godfather.mp3." When a user tries to load one of the files, they don't get music or a video but instead are directed to download a file named PLAY_MP3.exe. If a user agrees to download the file, an end-user license agreement is displayed; if they agree to the EULA, adware and other bogus software are installed, Schmugar said in a blog posting on the Trojan.

"In the end you're left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays pop-up and pop-under ads," he wrote.
