Channel Register

Original URL: http://www.channelregister.co.uk/2008/05/07/mp3_trojan_blitz/

Rogue MP3 Trojan streaks across P2P networks

By John Leyden
Published Wednesday 7th May 2008 12:54 GMT

Hundreds of thousands of examples of a new Trojan that poses as a media file have flooded onto P2P networks.

Since Friday 2 May more than half a million instances of the Trojan have been detected on consumer PCs, according to net security firm McAfee. The anti-virus firm reports the spread of the Downloader-UA.h Trojan as the most significant malware outbreak in the last three years.

The Trojan is being used to serve ads onto contaminated PCs as part of an apparent money-making scam.

McAfee reckons miscreants loaded hundreds of rigged MP3 and MPEG files onto popular file-swapping services such as Limewire and eDonkey. The files are all named differently (in multiple languages) and vary in size in order to make them appear like legitimate music or video files. Attempting to play one of the malicious files will trigger the download of an application named "PLAY_MP3.exe" that serves ads onto infected Windows PCs.

McAfee rates the threat "medium" risk. No other malware has received that risk rating since 2005. It advises consumers to adopt safe surfing practices, such as running up-to-date security software and taking care in downloading content from untrusted sources to avoid getting hit.

A blog posting by McAfee Avert Labs threat researcher Craig Schmugar, explaining the threat in greater detail, can be found here (http://www.avertlabs.com/research/blog/index.php/2008/05/06/fake-mp3s-running-rampant). ®

© Copyright 2008