
Major media malware attack breaks out on file-sharing networks

Antony Savvas

McAfee has reported "the most significant malware outbreak in three years," with more than 500,000 detections of a Trojan horse masquerading as a media file.

Since Friday 2 May, more than 500,000 instances of the Trojan have been detected on PCs.

The malicious MP3 music or MPEG video files have appeared on popular file-sharing services such as LimeWire and eDonkey. Firms should be concerned, as employees often access such file-sharing networks on corporate machines.

Security software firm McAfee rates the threat as a "medium" risk. No other malware has received that risk rating since 2005. All other threats since then have been rated lower on the severity scale.

"This is one of the most prevalent pieces of malware in the past three years," said Craig Schmugar, threat researcher at McAfee Avert Labs. "We have never before had a threat this significant that arrives as a media file."

Cybercrooks have loaded hundreds of rigged MP3 and MPEG files onto file-swapping services. The files are all named differently, in multiple languages, and vary in size so that they look like legitimate music or video files.

Attempting to play one of the malicious files will trigger the download of an application named "PLAY_MP3.exe", which will serve ads to the infected computer.

McAfee identifies the Trojan horse as "Downloader-UA.h".

Some of the sample names used by the malicious media files include "preview-t-3545425-adult.mpg", "preview-t-3545425-changing times earth wind.mp3", "preview-t-3545425-girls aloud st trinnians.mp3", "preview-t-3545425-jij bent zo jeroen van den.mp3", "t-3545425-lion king portugues.mpg" and "t-3545425-los padres de ella.mpg".
