Consumers are being warned that they may get an ad instead of a music or video file on several file-sharing sites in what security firm McAfee says is the most significant malware outbreak in three years.
McAfee Avert Labs reported on Tuesday that more than 500,000 detections of a Trojan horse masquerading as a media file have been found on computers since Friday on services like Limewire and eDonkey. Instead of playing an adult video, the Lion King in Portuguese, or the Girls Aloud theme from the St Trinian's soundtrack, for example, hundreds of rigged MP3 and MPEG files on the services trigger the download of an executable that serves ads to the infected computer.
Craig Schmugar, threat researcher at McAfee Avert Labs, explains in a blog entry that if people agree to download and run the executable they are asked to agree to a phony end user license agreement and some other useless software.
View: news.com
Anyway, I suspect this is just another boring ploy by certain monopolies to "scare" the kiddies into believing they're all gonna die if they carry on downloading those naughty mp3s!
Last edited by artnada on 07 May 2008 - 08:39
This is a completely valid article. I just don't see why this is just now coming to light. I've known this for years now.
Doesn't limewire install malware from the very start?
Not anymore. The bundled malware was removed from LimeWire a long time ago.
If you are prompted and asked to agree with an end user license agreement - that's probably when you should stop trying to play your mp3 or mpeg
BUT, you can make a virus by using WMA since they contain executable parts for DRM purposes. Many viruses are transmitted this way. I was infected by some of these files in my time. Now I am more vigilant.
File types (I know) that can contain a virus if they are crafted correctly :
WMA
WMV
DOC
XLS
EXE (obviously)
VBS (obviously)
JS (obviously)
File types (I know) that can't contain executable code (and are safe) :
MP3
MPG
OGG
MPG
PNG
GIF
JPG
MNG
BMP
TGA
File types (I know) containing executable code, but that are executed in a virtualised environment (should be safe) :
SWF
MOV
Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/security/...n/MS04-028.mspx
The JPG didn't run the code, a library that loaded it did. If you didn't use that library to load the JPG, you were safe. Just saying, it was exploiting a particular program. In that case you could consider any file to contain a virus, because who knows what programs can be exploited by loading certain data.
... with the note that if you're being required to download some special player to play these files, you probably know right then that those files are a really bad plan.
Last edited by zachdms on 08 May 2008 - 06:56
Some of the *.mp3 files are actually code that executes with Windows Media Player (WMP). It is a carefully crafted *.mp3 that WMP apparently will execute. Other players apparently don't understand the code so they don't play. WMP will execute and start your browser and thus all the pop-ups. An indicator that you have a bogus mp3 is that the length of the audio file is not displayed. In LimeWire you can screen these by adding the length in your search results. In the LimeWire top line header, simply right click and add audio/length. Then in your search results do not download the ones with blanks.
If you happen to click a bogus mp3 and things start popping up, do not answer any of the questions in the pop up-- close the window using the task manager or windows "X".
Many of the decent anti virus products are not catching these.
It does smell like RIAAA
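The screening rule in the comment above (a bogus .mp3 shows no audio length), as an added example that is not part of the original thread: it walks MPEG-1 Layer III frame headers to compute a duration and flags files that have none. It assumes a blank length means no parseable frame chain and that the rigged files are Windows Media (ASF) content renamed to .mp3; the function names and sample bytes are constructed for illustration.

```python
import struct

# Added example: ASF (WMA/WMV) Header Object GUID as it appears at file offset 0.
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
# MPEG-1 Layer III tables, indexed by the header's bitrate / sample-rate fields.
BITRATES_KBPS = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320]
SAMPLE_RATES = [44100, 48000, 32000]

def skip_id3v2(data):
    """Offset of the first byte after a leading ID3v2 tag (0 if there is none)."""
    if len(data) >= 10 and data[:3] == b"ID3":
        size = 0
        for b in data[6:10]:          # 28-bit "syncsafe" size, 7 bits per byte
            size = (size << 7) | (b & 0x7F)
        return 10 + size
    return 0

def mp3_duration(data, min_frames=3):
    """Walk back-to-back MPEG-1 Layer III frames; seconds, or None if too few."""
    pos, frames, seconds = skip_id3v2(data), 0, 0.0
    while pos + 4 <= len(data):
        (hdr,) = struct.unpack(">I", data[pos:pos + 4])
        br, sr = (hdr >> 12) & 0xF, (hdr >> 10) & 0x3
        # Top 15 bits: 11-bit sync, version = MPEG-1, layer = III.
        if hdr >> 17 != 0x7FFD or not 1 <= br <= 14 or sr > 2:
            break
        rate = SAMPLE_RATES[sr]
        pos += 144 * BITRATES_KBPS[br] * 1000 // rate + ((hdr >> 9) & 1)
        frames += 1
        seconds += 1152 / rate        # every Layer III frame holds 1152 samples
    return seconds if frames >= min_frames else None

def check_mp3(data):
    """Verdict for bytes that arrived with a .mp3 extension."""
    if data[:16] == ASF_GUID:
        return "asf-container"        # Windows Media content under an .mp3 name
    if mp3_duration(data) is None:
        return "no-audio-frames"      # nothing a player could show a length for
    return "ok"

def demo():
    """Constructed samples: a real frame chain, an ASF header, a PE-style stub."""
    frame = b"\xff\xfb\x90\x00" + bytes(413)   # 128 kbps, 44.1 kHz, 417 bytes
    good = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + bytes(10) + frame * 100
    return [check_mp3(good), check_mp3(ASF_GUID + bytes(64)),
            check_mp3(b"MZ" + bytes(500))]
```

The frame walk is deliberately strict (MPEG-1 Layer III only, frames must follow the ID3v2 tag directly), so an unusual but genuine file can come back as `no-audio-frames` and is worth a second look rather than an automatic delete.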