
Media file malware outbreak plagues file-sharing services

SearchSecurity.com Staff

McAfee researchers late Tuesday reported more than 500,000 detections of a Trojan horse masquerading as a music or video file -- a malware outbreak they described as the most significant since 2005.


Cybercriminals loaded the rigged MP3 music or MPEG video files onto popular file-sharing services like LimeWire and eDonkey, according to McAfee. Users who download and try to play one of the legitimate-looking files may get ads instead.

McAfee researchers said they tracked more than half a million instances of the Trojan, Downloader-UA.h, on consumer PCs since Friday. They rated the threat a medium risk, and said no other malware has received that high a risk rating in three years.

"This is one of the most prevalent pieces of malware in the last three years," Craig Schmugar, threat researcher at McAfee Avert Labs, said in a prepared statement. "We have never before had a threat this significant that arrives as a media file."

The files have names in different languages and vary in size. Some names include "t-3545425-lion king portugues.mpg" and "preview-t-3545425-theme godfather.mp3". When a user tries to load one of the files, they don't get music or a video but are instead directed to download a file named PLAY_MP3.exe. If the user agrees to download the file, an end-user license agreement is displayed; if they agree to the EULA, adware and other bogus software are installed, Schmugar said in a blog posting on the Trojan.

"In the end you're left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays pop-up and pop-under ads," he wrote.

