Rogue MP3 Trojan streaks across P2P networks

Worst viral outbreak in three years

64 Reg comments Got Tips?

Hundreds of thousands of examples of a new Trojan that poses as a media file have flooded onto P2P networks.

Since Friday 2 May more than half a million instances of the Trojan have been detected on consumer PCs, according to net security firm McAfee. The anti-virus firm reports the spread of the Downloader-UA.h Trojan as the most significant malware outbreak in the last three years.

The Trojan is being used to serve ads onto contaminated PCs as part of an apparent money-making scam.

McAfee reckons miscreants loaded hundreds of rigged MP3 and MPEG files onto popular file-swapping services such as Limewire and eDonkey. The files are all named differently (in multiple languages) and vary in size in order to make them appear like legitimate music or video files. Attempting to play one of the malicious files will trigger the download of an application named "PLAY_MP3.exe" that serves ads onto infected Windows PCs.

McAfee rates the threat "medium" risk. No other malware has received that risk rating since 2005. It advises consumers to adopt safe surfing practices, such as running up-to-date security software and taking care in downloading content from untrusted sources to avoid getting hit.

A blog posting by McAfee Avert Labs threat researcher Craig Schmugar, explaining the threat in greater detail, can be found here. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Keep Reading

Malicious code ousted from PureScript's npm installer – but who put it there in the first place?

Account hijacking claimed by some but it may just be a developer behaving badly

Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customers

Exclusive API dev kit remained modified for hours, says source

Another day, another Google cull: Chocolate Factory axes 49 malicious Chrome extensions from web store

Ongoing Chrome Web Store security saga deftly straddles tragedy and farce

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch

Zero-click remote-code exec hole found by Googler, updates emitted

Three words you do not want to hear regarding a 'secure browser' called SafePay... Remote. Code. Execution

How Bitdefender's security software was caught napping by ad-block bod

Old-school security hole perfect for worms and remote hijackings found lurking in Windows Server DNS code

Mega Patch Tuesday You'll want to patch that – and all these other bugs fixed by Microsoft, Oracle, Adobe, VMware, SAP, Google

Make sure you've patched your F5 BIG-IP gear. Exploit code for scary bug pair is so trivial, it fits in a tweet

In Brief Plus: What? No. No way. People would just do that? Go on Tor and use it to commit crimes?

Mind the gap: Google patches holes in Chrome – exploit already out there for one of them after duo spot code fix

Pair engineer malicious code from public source tweak before official binary releases

Biting the hand that feeds IT © 1998–2020