Feb 8, 2009

MALWARE IN MUSIC OR VIDEO FILES

There's a simple way to include malicious content in music or video files. The file can then be simply linked from a webpage. The link can even be hidden. To see a demo, download and run example.mp3 -- you can trust me, I'm a grandfather -- to see a convincing but perfectly safe demonstration. (*.mp3 is a popular compressed file format used for music.)
You'll need Windows Media Player to play the sound and see the results. In addition to the music, three more browser windows will open -- unless you have your security settings set too high. These windows will just display some perfectly safe content. If this little file can do that, just imagine what a crook or malcontent could do with a file they concoct.

McAfee is warning file-sharers that they may be at risk due to a Trojan horse posing as an MP3 or MPEG file.

The security firm said Tuesday that it had detected a half million instances of the malware, dubbed "Downloader-UA.h", since Friday. It is calling the incident the most significant malware outbreak in three years.
A check of McAfee's virus map showed the majority of infections have occurred in the US during the past 24 hours, although high rates of infection are being reported in Mexico, Venezuela, Brazil, Australia, and much of Western Europe.

It appears as if the files are located on Gnutella and Limewire under a variety of names. When loaded, the file redirects through the player to a download of a file called PLAY_MP3.exe.

Once this file loads, it displays a EULA, and if the EULA is accepted, the files "FBrowsingAdvisor" and "SurfingEnhancer" are installed. The file PlayMP3.exe is also installed, but instead of being an actual local MP3 player, the application loads a webpage with the Wimpy Flash MP3 player and several dozen songs available.

The two previous files are believed to load some type of adware, which, instead of blocking popups as the EULA claims, delivers them to the end user.

McAfee rated the issue a "medium" risk, the first time it has given any piece of malware such a high rating since 2005.
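A defender-side check for the masquerading described above, as an added example that is not part of the original post: it compares a file's extension with its leading magic bytes. Assumption: the post does not name the real container of the fake files; ASF (the Windows Media format) and Windows executables are included here as illustrative non-MP3 types, and all sample headers are constructed.

```python
# Added example: flag files whose extension claims MP3/MPEG but whose
# leading bytes identify a different container. Coarse triage only.
import os

# Header Object GUID that starts every ASF/WMA/WMV file
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

def sniff(head: bytes) -> str:
    """Return a coarse file type from the first bytes of a file."""
    if head.startswith(b"MZ"):
        return "pe-executable"            # DOS/PE executable
    if head.startswith(ASF_GUID):
        return "asf"
    if head.startswith(b"ID3"):
        return "mp3"                      # ID3v2 tag in front of the audio
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"                      # MPEG audio frame sync (11 set bits)
    if head[:4] in (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"):
        return "mpeg"                     # pack header / video sequence header
    return "unknown"

# Which detected types are acceptable for each claimed extension
EXPECTED = {".mp3": {"mp3"}, ".mpg": {"mpeg"}, ".mpeg": {"mpeg"}}

def check(name: str, head: bytes):
    """Return (verdict, detected_type) for a file name and its first bytes."""
    ext = os.path.splitext(name)[1].lower()
    kind = sniff(head)
    if ext not in EXPECTED:
        return ("skipped", kind)
    return ("ok" if kind in EXPECTED[ext] else "mismatch", kind)

def check_path(path: str):
    """Same check for a file on disk; only the first 16 bytes are read."""
    with open(path, "rb") as f:
        return check(path, f.read(16))

# Constructed sample headers (hypothetical file names, not real captures)
SAMPLES = {
    "song.mp3": b"ID3\x03\x00\x00\x00\x00\x0f\x76" + b"\x00" * 6,
    "hit_single.mp3": ASF_GUID,
    "clip.mpg": b"\x00\x00\x01\xba" + b"\x44" * 12,
    "renamed_binary.mp3": b"MZ\x90\x00" + b"\x00" * 12,
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, *check(name, head))
```

A "mismatch" verdict is a reason to inspect the file before opening it in a media player, not proof that it is malicious.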
