A new, fast-spreading Trojan has been detected in more than 500,000 machines in just the last few days, McAfee Avert Labs researchers reported yesterday.

The Trojan, called Downloader-UA.h, appears to the user as a free MP3 player and/or free music files.

"When a user attempts to load one of these MP3 and MPG files, they don’t get the music/video they were hoping for -- instead they’re directed to download a file named PLAY_MP3.exe," McAfee Avert Labs said in a blog. "In fact, the MP3/MPG file they downloaded was completely fake, playing no media clip whatsoever."

In some cases, the user may click on the free MP3 ad and get a fake end user license agreement, McAfee says. If the user agrees to the "license," PlayMP3.exe from PlayMP3z.biz is installed.

"This is simply a browser control wrapped in an [executable file], and doesn’t actually play local MP3 files, but rather loads a Webpage running the Wimpy MP3 Flash player," McAfee says. "This page lets the user listen to a canned selection of a couple dozen songs." Unfortunately, the user also ends up with a bunch of hidden adware, McAfee says.

The Trojan has been detected by more than a third of McAfee's users, the blog says.

"In the end you’re left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays popup and popunder ads," the researchers say.

— Tim Wilson, Site Editor, Dark Reading