New Trojan Masquerades as Free MP3 Player
More than 500,000 users have detected new threat
A new, fast-spreading Trojan has been detected in more than 500,000 machines in just the last few days, McAfee Avert Labs researchers reported yesterday.
The Trojan, called Downloader-UA.h, appears to the user as a free MP3 player and/or free music files.
"When a user attempts to load one of these MP3 and MPG files, they don’t get the music/video they were hoping for -- instead they’re directed to download a file named PLAY_MP3.exe," McAfee Avert Labs said in a blog. "In fact, the MP3/MPG file they downloaded was completely fake, playing no media clip whatsoever."
In some cases, the user may click on the free MP3 ad and get a fake end user license agreement, McAfee says. If the user agrees to the "license," PlayMP3.exe from PlayMP3z.biz is installed.
"This is simply a browser control wrapped in an [executable file], and doesn’t actually play local MP3 files, but rather loads a Webpage running the Wimpy MP3 Flash player," McAfee says. "This page lets the user listen to a canned selection of a couple dozen songs." Unfortunately, the user also ends up with a bunch of hidden adware, McAfee says.
The Trojan has been detected by more than a third of McAfee's users, the blog says.
"In the end you’re left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays popup and popunder ads," the researchers say.
— Tim Wilson, Site Editor, Dark Reading
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
Sep 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
Sep 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
Oct 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024