McAfee researchers late Tuesday reported more than 500,000 detections of a Trojan horse masquerading as a music or video file -- a malware outbreak they described as the most significant since 2005.
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
|  | ||||||||||||||||
| |||||||||||||||||
Cybercriminals loaded the rigged MP3 music or MPEG video files onto popular file-sharing services like LimeWire and eDonkey, according to McAfee. Users who download and try to play one of the legitimate-looking files may get ads instead.
McAfee researchers said they tracked more than half a million instances of the Trojan, Downloader-UA.h, on consumer PCs since Friday. They rated the threat a medium risk, and said no other malware has received that high of a risk rating in three years.
"This is one of the most prevalent pieces of malware in the last three years," Craig Schmugar, threat researcher at McAfee Avert Labs, said in a prepared statement. "We have never before had a threat this significant that arrives as a media file."
The files have names in different languages and vary in size. Some names include "t-3545425-lion king portugues.mpg" and "preview-t-3545425-theme godfather.mp3." When a user tries to load one of the files, they don't get music or a video but instead are directed to download a file named PLAY_MP3.exe. If a user agrees to download the file, an end-user license agreement is displayed; if they agree to the EULA, adware and other bogus software is installed, Schmugar said in a blog posting on the Trojan.
"In the end you're left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays pop-up and pop-under ads," he wrote.