Topic: Fake MP3s pose 'signifcant threat'

[Clive]

A new computer Trojan disguised as a media file has been described by security experts as the most significant malware outbreak in three years.

McAfee Avert Labs has discovered more than 360,000 detections of a Trojan horse which hides behind fake music and video files on P2P networks such as Limewire and eDonkey.

When someone attempts to load one of these MP3 and MPG files, they don't get the music or video they were hoping for but are instead instructed to download a file named PLAY_MP3.exe. If you agree to download and run PLAY_MP3.exw, it serves the computer with adware.

Craig Schmugar, a researcher with McAfee, said: "This is one of the most prevalent pieces of malware in the last three years. We have never before had a threat this significant that arrives as a media file."

"In the end you're left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display pop-ups but also to block them, and more adware that successfully displays pop-up and pop-under ads."

According to McAfee, it has rated the threat "medium" risk, the highest risk rating given to a threat since 2005.


www.mcafee.com/uk/

[sam]

this is a new thing??

[Rik]

Well, Clive's only just got rid of his wind up gramophone...

[Clive]

Well, Clive's only just got rid of his wind up gramophone...

Over my dead body! 

[Reno]

The latest generation of malware has gotten down right nasty. I worked on a machine awhile back who's owner had downloaded an updated xp activation registry crack. Testing it installed a rootkit version of vundo which cratered the installation over three days. With so many variants popping up these days its getting practically impossible to recover an installation once a machine get infested.

[mistybear]

this is a new thing??

I doubt anyone here would know Sam. 

[mistybear]

This happened to me this afternoon, when I tried to delete it, a little Comodo warning popped up, Installer.exe asking permission to access the internet.
I have just finished 2 hours of scans, which found nothing but cookies, except this, "There were problems in the include file C:\Program Files\Spybot - Search_Destroy\Includes\TrojansC.sbi" See 'Include errors.log' for details.

I can find the first file, but I don't know where the Include errors.log is. 

And I don't know where the Installer.exe file is either, I did a search, including hidden files, and nothing. 

[Simon]

If you've deleted the rogue file, and blocked it with Comodo, I would think it fairly safe to assume the threat has gone, Kate.  I had one myself the other day, and F-Secure dealt with it.

[mistybear]

Thanks Simon, I get a little paranoid about these things, as I do my banking on this computer. 

Maybe I should leave the other things to Michael, couldn't find what I wanted either, to top things off. 

[Clive]

The main thing is that you didn't give it permission to access the internet.  Glad you managed to sort it out MB.