Trojan adware hiding in MP3s, McAfee says

Adware pushers have found a new way to trick you into downloading their annoying
products: fake MP3 files.

On Tuesday, security vendor McAfee reported that it's seen a huge spike in
fake MP3 files spreading on peer-to-peer networks. Although the files have names
that make them look like audio recordings, they're really Trojan horse programs
that try to install a shoddy media player and adware on your computer, said
Craig Schmugar, a researcher with McAfee.

"Once you run it, there is no content. You're taken to this site to install
this player which you don't really need," he said.

Fake file names include: preview-t-3545425-changing times earth wind .mp3 and
t-3545425-just got lucky.mp3. Schmugar listed more filenames, as well as details
on the adware, in a Tuesday
blog posting.

Users are first asked to OK an end-user license agreement before the Trojan installs the Mirar toolbar and two other components, called FBrowsingAdvisor & SurfingEnhancer.

Ironically, while Mirar tells users that it doesn't display popups, the FBrowsingAdvisor & SurfingEnhancer software do deliver popup ads, so users who do not realize that they are installing several programs might feel tricked, Schmugar said. "You have a Window telling you that there are no popups and right behind it is a popup."

Although McAfee has seen some nasty software disguising itself as media files
in the past, it has never seen anything on this scale, Schmugar said. Over the
past 24 hours, nearly a third of the McAfee customers who reported data back
to the security company have detected these files, he said.

In the past few days McAfee has spotted the files on more than 360,000 users'
desktops.

IDG News Service

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine