Alluring MP3s, movies hit LimeWire, install malware instead

McAfee reports that a new trojan is racking up infections with surprising …

Those of you who might hypothetically find yourselves surfing around on LimeWire searching for the latest in free, legal, P2P downloads may want to pay a bit more attention to the files you download. According to Craig Schmugar at McAfee's Avert Labs, there's a new trojan (Downloader-UA.h) on the loose that's masquerading as an MP3 or MPG file. The list of infected files below was originally compiled by Schmugar, and it's not a bad idea to check them out if you regularly search for "user-created" video. Not that any of you actually do that sort of thing, of course, but you might know someone who does. Err, did. Back in the 90s.

  • preview-t-3545425-adult.mpg
  • preview-t-3545425-changing times earth wind .mp3
  • preview-t-3545425-girls aloud st trinnians.mp3
  • preview-t-3545425-heartbroken fast t2 ft jodie.mp3
  • preview-t-3545425-jij bent zo jeroen van den.mp3
  • preview-t-3545425-meet bambi in kings harem.mp3
  • preview-t-3545425-middle eastern chick.mpg
  • preview-t-3545425-paint me bunmingham.mp3
  • preview-t-3545425-paralyized by you.mp3
  • preview-t-3545425-pull over levert.mp3
  • preview-t-3545425-say it right remix.mp3
  • preview-t-3545425-st trinnians girls aloud.mp3
  • preview-t-3545425-theme godfather.mp3
  • t-3545425-bentley bizzle.mp3
  • t-3545425-dx vs randi orton 2007.mpg
  • t-3545425-haloween special.mp3
  • t-3545425-just got lucky.mp3
  • t-3545425-lion king portugues.mpg
  • t-3545425-los padres de ella.mpg
  • t-3545425-para sayo freestyle.mp3
  • t-3545425-peanut butter jelly amende.mp3
  • t-3545425-stare at sun thrice.mp3
  • t-3545425-suicide bride dana.mp3
  • t-3545425-wayne and jane.mp3

Download and attempt to view the fake file, and you'll be prompted to install PLAY_MP3.exe instead. Ordinarily, this would be the point at which a hapless end-user would click "Yes," and said trojan would install itself. In this case, however, Play_MP3 actually prompts you to read and affirm your understanding of the malware's EULA. Yes, Virginia, malware authors now have EULAs—what's next, corporate sponsorship?

Read the EULA, click next, and the system installs two pieces of malware McAfee identifies as "FBrowsingAdvisor" and "SurfingEnhancer." Needless to say, neither piece of software functions as advertised; the system in question is now stuffed with adware applications that will undoubtedly "help" by downloading and installing more of their ilk—and the MP3 player doesn't even work!

This particular trojan is more annoying than directly harmful, but the speed at which it's spreading has McAfee concerned. Users have obviously fallen for the trojan's social engineering tactics, which implies we could see copycat attacks appearing in a very short amount of time. Adware isn't necessarily all that difficult to neutralize, but botnet trojans, keyloggers, and downloaders are all capable of doing far more damage even if they only remain active for a short amount of time. We know our readers are too tech savvy to fall for such attacks, but tell your friends and family to keep an eye out for this attack—or variations of it—and download safely.
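As an added example (not from McAfee or the original article), here is a small Python triage script for a shared-download folder: it flags files whose names follow the `t-3545425-` pattern in the list above, and files with an .mp3 or .mpg extension whose leading bytes are not MPEG audio or video. The magic-byte checks are a generic heuristic, and the sample files written by `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Naming pattern shared by every entry in the list above:
# optional "preview-", then "t-3545425-", a title, then .mp3 or .mpg.
CAMPAIGN_NAME = re.compile(r"^(preview-)?t-3545425-.+\.(mp3|mpg)$", re.IGNORECASE)

def sniff(header: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its extension."""
    if header[:2] == b"MZ":
        return "exe"                      # DOS/PE executable
    if header[:3] == b"ID3":
        return "mp3"                      # ID3v2 tag in front of MP3 audio
    if len(header) >= 2 and header[0] == 0xFF and header[1] & 0xE0 == 0xE0:
        return "mp3"                      # MPEG audio frame sync
    if header[:4] in (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"):
        return "mpg"                      # MPEG program stream / video sequence
    return "unknown"

def triage(folder: Path) -> dict[str, list[str]]:
    """Return {relative path: [reasons]} for files worth a closer look."""
    findings: dict[str, list[str]] = {}
    for path in sorted(folder.rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        if CAMPAIGN_NAME.match(path.name):
            reasons.append("name matches t-3545425 pattern")
        ext = path.suffix.lower().lstrip(".")
        if ext in ("mp3", "mpg"):
            with path.open("rb") as fh:
                kind = sniff(fh.read(16))
            if kind != ext:
                reasons.append(f"extension .{ext} but content looks like {kind}")
        if reasons:
            findings[str(path.relative_to(folder))] = reasons
    return findings

def demo() -> dict[str, list[str]]:
    """Run triage over constructed sample files (not real samples)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "t-3545425-just got lucky.mp3").write_bytes(b"not really audio")
        (root / "holiday.mp3").write_bytes(b"ID3\x03\x00" + b"\x00" * 11)
        (root / "clip.mpg").write_bytes(b"MZ\x90\x00" + b"\x00" * 12)
        return triage(root)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

The name check only catches this exact campaign; the extension-versus-content check is the part that carries over to variations.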