May 8, 2008
File-sharing Networks Flooded by Malware
A report from security vendor McAfee puts file-sharing users on guard. After detecting 500,000 instances of Trojan malware (the largest outbreak of malware for quite some time) populating p2p clients like eDonkey and Limewire, the company issued a warning about fake MP3 and video files “slipped” onto file-sharing networks.
Once the Trojan, dubbed Downloader-UA.h by McAfee, gets all comfy on your PC, running it activates the download of additional components (an application named "PLAY_MP3.exe"), which in turn sets off an avalanche of ads on your (now) infected computer.
Craig Schmugar, a threat researcher at McAfee Avert Labs, gives details about the situation, saying that if users make the mistake of downloading and running the executable, they are asked to agree to a bogus end user license agreement and to some other useless software.
Schmugar added that the Trojan installs a browser control that runs a supposed music player, which actually loads a Flash-based player on a web page that plays a limited number of tracks.
Now that this malware has been so successful in invading networks, copycat attacks are only to be expected. The threat might turn into a nightmare if some of the more sophisticated malware authors combine such operations with some sort of rapidly developed zero-day exploit.
Here are some of the sample names the phony media files use:
"preview-t-3545425-adult.mpg", "preview-t-3545425-changing times earth wind.mp3", "preview-t-3545425-girls aloud st trinnians.mp3", "preview-t-3545425-jij bent zo jeroen van den.mp3", "t-3545425-lion king portugues.mpg" and "t-3545425-los padres de ella.mpg".
The malware received a "medium" risk rating from McAfee (a rating which no other malware has managed to “achieve” since 2005).
Filed under Announcements & Events by admin



