Fake MP3's Infecting Computers With Malware

Many fake MP3 files contain an infection such as the Downloader-UA.h Trojan.

A countless number of computer users have downloaded MP3 or various video files from popular P2P networks only to find out that the file downloaded is not a legitimate music or video file. Many times we search P2P (peer 2 peer) networks or client applications such as limewire or bit-torrent sites in an attempt to find a certain shared media file or files. Whether it be a MP3, WMA or AVI file, we are finding that a large number of downloads are infected with a form of malware that may install dangerous software or files onto your computer.

How do you know if a MP3 file is infected?

Have you ever downloaded an MP3 file that was titled just like it should be but when you attempted to open the file you were prompted with a message stating that the format does not match the extension of the file you are attempting to open, open anyway? A number of times this is a clear sign that the file you just downloaded is not what you are looking for. The file is either corrupted or in most cases some form of a Trojan, malware, spyware or virus infection. When you proceed to select "yes" this gives the file permission to install infected files or malicious applications onto your computer.

Based on the detection rates from McAfee Avert Labs on a segment of VirusScan consumers who opted to report their detections, approximately 500,000 unique systems have reported certain types of Trojan media files on their computer in just the last few days. This further goes on to show that a large number of computers are falling victim to this type of malware distribution scheme. Hackers are well known to purposely spread malware through the means of MP3's and other multimedia files on the internet. We must learn about the latest threats and behaviors of infections to keep them to a minimum and safeguard our computers.

Video Demonstration

Below is a video demonstration from McAfee Avert Labs Blog showing how the Downloader-UA.h Trojan infects a computer through a downloaded MP3 file. The Downloader-UA.h is known to infect computer users through MP3 files downloaded over P2P networks and client applications that share media files such as fastmp3player.com.


Downloader-UA.h Trojan Demo from Schmooog on Vimeo.

[source: avertlabs.com]

A list of adware packages associated with fake MP3 files:

Adware-BB
Adware-Beginto
Adware-Isearch
Adware-Mirar
Adware-SrchExplorer
Adware-Zeno

Domains that may be linked from various MP3 or other media files:

mediaprovider.info
missing-codecs.com
seonomad.com
vidscentral.net

Tags: .