A new, fast-spreading Trojan has been detected in more than 500,000 machines in just the last few days, McAfee Avert Labs researchers reported yesterday.
The Trojan, called Downloader-UA.h, appears to the user as a free MP3 player and/or free music files.
"When a user attempts to load one of these MP3 and MPG files, they dont get the music/video they were hoping for -- instead theyre directed to download a file named PLAY_MP3.exe," McAfee Avert Labs said in a blog. "In fact, the MP3/MPG file they downloaded was completely fake, playing no media clip whatsoever."
In some cases, the user may click on the free MP3 ad and get a fake end user license agreement, McAfee says. If the user agrees to the "license," PlayMP3.exe from PlayMP3z.biz is installed.
"This is simply a browser control wrapped in an [executable file], and doesnt actually play local MP3 files, but rather loads a Webpage running the Wimpy MP3 Flash player," McAfee says. "This page lets the user listen to a canned selection of a couple dozen songs." Unfortunately, the user also ends up with a bunch of hidden adware, McAfee says.
The Trojan has been detected by more than a third of McAfee's users, the blog says."In the end youre left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays popup and popunder ads," the researchers say.
Tim Wilson, Site Editor, Dark Reading