Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Fake music, video files spread malware on P2P, says McAfee

By Ed Oswald, BetaNews

May 7, 2008, 5:24 PM

McAfee is warning file-sharers that they may be at risk due to a Trojan horse posing as an MP3 or MPEG file.

The security firm said Tuesday that it had detected a half million instances of the malware since Friday, dubbed "Downloader-UA.h." It is calling the incident the most significant malware outbreak in three years.

A check of McAfee's virus map showed the majority of infections have occurred in the US during the past 24 hours, although high rates of infection are being reported in Mexico, Venezuela, Brazil, Australia, and much of Western Europe.

It appears as if the files are located on Gnutella and Limewire under a variety of names. When loaded, the file redirects through the player to a download of a file called PLAY_MP3.exe.

Once this file loads, it shows up a EULA, and if accepted, the files "FBrowsingAdvisor" and "SurfingEnhancer" are installed. The file PlayMP3.exe is also installed, but instead of it being an actual local MP3 player, the application loads up a webpage with the Wimpy Flash MP3 player with several dozen songs available.

The two previous files are believed to load some type of adware, which instead of blocking popups like the EULA claims deliver them to the end user.

McAfee rated the issue a "medium" risk, the first time its given any piece of malware such a high rating since 2005.

Add a Comment

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By TheWar

posted May 8, 2008 - 1:12 PM

Who even uses McAfee? Its just as bad as Nortan...

Score: 0

By Program86

posted May 8, 2008 - 11:57 AM

oooooooooooooooo

I'm shakin' in my boots... hahahaha

Score: 0

By Joco

posted May 8, 2008 - 10:44 AM

How come an MP3 file can start another process to download and install something?

Score: 0

By Neoprimal

posted May 8, 2008 - 12:22 PM

So glib PC, jebus.

Joco in reference to "When loaded, the file redirects through the player to a download of a file called PLAY_MP3.exe"

The file is fake as the article mentions, so it's probably coded through script to load a webpage and download that file when the file is 'played'. It's not a real mp3 at all so obviously you don't hear anything when you 'play' it.

Score: 0

By PC_Tool

posted May 8, 2008 - 4:39 PM

Don't blame jebus, he had nothing to do with it. 100% on me, man. ;)

Score: 0

By PC_Tool

posted May 8, 2008 - 11:20 AM

Read the article, Joco.

PLAY_MP3.exe

Score: 0

By Joco

posted May 8, 2008 - 4:24 PM

Thanks for your reply. You would be surprise that I did read the article.

It is confusing. And I honestly wonder if you had read and understood the article. It said "It appears as if the files are located on Gnutella and Limewire under a variety of names. When loaded, the file redirects through the player to a download of a file called PLAY_MP3.exe."

The song I wanted is, let's say "Hotel California.mp3". That would be exactly that file that I would download. Even if it's fake, then that would play some gibberish sounds within Foobar. What I don't understand is that the PLAY_MP3.exe got into the computer when the media player plays the mp3.

Score: 0

By PC_Tool

posted May 8, 2008 - 4:39 PM

Ya got me.

I skimmed and got "download of a file called PLAY_MP3.exe."

;)

Regardless, it would have to be an executable or script file (not a .mp3/.wma) file as I understand it. AFAIK, .com, .exe, and certain script extensions (none of which are .mp3, or .wma) can actually execute code.

Now...

...if a malformed audio file (say, with bad metadata?) ran in a player that for some asinine reason ran scripts, or took cues from the Metadata, it could wreak havok with the player, but even then, that'd be pretty hard to accomplish.

If Ed could have given an example or two of the names in questionm we would not only have something to watch out for it would clear up a lot of this confusion.

Score: 0

By ingram091

edited May 8, 2008 - 4:01 AM

Like DUR the MPAA and RIAA and other people that wish users harm has been doing this very thing for years already. lol Ahh well Not that it matters much anymore anyway.

I know so few people getting things this way now, it almost seems as obsolete as Napster is... There are so many better ways now to get music and TV Show files to keep legal or not, that are still under the radar, and lots more Secure packet wise... The MPAA RIAA is still playing catchup. like a big wack a mole game...

People that appricate the content Buy it when it becomes available in an acceptable medium (alla DVD CD whatever). If they do not they never will. thats just the way it is. and always will be.

Score: 0

By treworld

posted May 7, 2008 - 9:41 PM

LOL. This is proof that McAfee sucks. They're just learning that now???? WTF.

Score: 0

By Paul Skinner

posted May 7, 2008 - 5:37 PM

Christ.
This sort of thing has been happening since 2003, if not earlier.

Basically, if you're a complete computer n00b, be afraid; if not, as we here at BetaNews aren't, this is old and repetative news.

Score: 0

By BrokenHALO

posted May 7, 2008 - 6:20 PM

No kidding....

THIS JUST IN!!!

Betanews has just learned that the "lost" dead relative in Nigeria, is not real!!!

Score: 0

By PC_Tool

posted May 7, 2008 - 6:23 PM

Seriously.

I half expected the story to being with:

Dateline: 1996.

Score: 0

By BrokenHALO

posted May 7, 2008 - 6:56 PM

Wait a second!!! You mean last nights episode of Lost in HD thats only 278kb is malware???

Crazy times we live in!

Score: 0

By PC_Tool

posted May 8, 2008 - 8:55 AM

lmao...

That's nothing. I found a pre-air copy of next week's in 1080p that was only 36k. I'm sure it's just a link-file telling me how to download the rest of it...

...right?

Score: 0

By BrokenHALO

posted May 8, 2008 - 12:58 PM

lol...

You know as much as we get a kick out of it, there are people that just don't know. To us it probably is like saying the sky is blu, but I guess we're not everybody.

Score: 0

By PC_Tool

posted May 8, 2008 - 4:32 PM

The world would definitely be an interesting place if they were. ;)

Score: 0

May 15 - 6:27 PM ET Philadelphia takes a pass on saving muni Wi-Fi network

May 15 - 6:21 PM ET Tiny game controller company wrests $21 M from giant Nintendo

May 15 - 5:50 PM ET Beta test of a wireless headset for office workers

May 15 - 5:34 PM ET On second thought, Facebook opts out of Google 'Friend Connect' for now

May 15 - 5:18 PM ET A hundred bucks turns a BlackBerry into a Garmin navigator

May 15 - 5:00 PM ET WD unveils a hard drive expansion kit for Dish Network DVRs

May 15 - 4:42 PM ET That didn't take long: DTV coalition says field tests are already done

May 15 - 4:18 PM ET Xbox 360 sells 10 million in US, Wii not far behind

May 15 - 4:13 PM ET EU agency is 'confident' Google Maps will alter Street View

May 15 - 3:54 PM ET New API enables Google Maps to be embedded in Flash apps