McAfee researchers late Tuesday reported more than 500,000 detections of a Trojan horse masquerading as a music or video file -- a malware outbreak they described as the most significant since 2005.
Cybercriminals loaded the rigged MP3 music or MPEG video files onto popular file-sharing services like LimeWire and eDonkey, according to McAfee. Users who download and try to play one of the legitimate-looking files may get ads instead.
McAfee researchers said they tracked more than half a million instances of the Trojan, Downloader-UA.h, on consumer PCs since Friday. They rated the threat a medium risk, and said no other malware has received that high of a risk rating in three years.
"This is one of the most prevalent pieces of malware in the last three years," Craig Schmugar, threat researcher at McAfee Avert Labs, said in a prepared statement. "We have never before had a threat this significant that arrives as a media file."
The files have names in different languages and vary in size. Some names include "t-3545425-lion king portugues.mpg" and "preview-t-3545425-theme godfather.mp3." When a user tries to load one of the files, they don't get music or a video but instead are directed to download a file named PLAY_MP3.exe. If a user agrees to download the file, an end-user license agreement is displayed; if they agree to the EULA, adware and other bogus software is installed, Schmugar said in a blog posting on the Trojan.
"In the end you're left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays pop-up and pop-under ads," he wrote.