subscribe: Daily Newsletter

 

Severe malware threat strikes media files

0 comments

The most severe malware attack in more than three years has seen a Trojan horse disguised as a media file appearing more than half-a-million times. 

McAfee's Avert Labs reports that more than 500 000 instances of the Trojan have been detected on  consumer PCs.
The malicious MP3 music or MPEG video files have appeared on popular file-sharing services such as Limewire and eDonkey.
McAfee rates the threat as a "medium" risk. No other malware has received that risk rating since 2005, with all subsequent threats since then being rated lower on the severity scale.
"This is one of the most prevalent pieces of malware in the last three years," says Craig Schmugar, threat researcher at McAfee Avert Labs. "We have never before had a threat this significant that arrives as a media file."
Cybercrooks loaded hundreds of rigged MP3 and MPEG files on to file-swopping services.
The files are all named differently in multiple languages and vary in size to make them appear like legitimate music or video files. Attempting to play one of the malicious files will trigger the download of an application named "PLAY_MP3.exe" that will serve ads to the infected computer.
McAfee identifies the Trojan horse as "Downloader-UA.h".
Some of the sample names used by the malicious media files include "preview-t-3545425-adult.mpg" ; "preview-t-3545425-changing times earth wind .mp3" ; "preview-t-3545425-girls aloud st trinnians.mp3" ; "preview-t-3545425-jij bent zo jeroen van den.mp3" ; "t-3545425-lion king portugues.mpg" and "t-3545425-los padres de ella.mpg".