The social engineering attacks purport to offer MP3 files or Mpeg movie files.
On downloading and launching the file, the user is prompted to launch an executable called 'play_mp3.exe' which installs adware.
Instead of a movie or song, the user gets a pair of adware tools for the Firefox web browser. If the user does not have Firefox installed, an error message asks the user to install the software.
McAfee researcher Craig Schmugar explained that the fake files have been traced to the fastmp3player.com domain. McAfee has detected the attacks on more than 360,000 machines, including more than 120,000 in the past 24 hours.
"This is one of the most prevalent pieces of malware in the past three years, " he said. "We have never had a threat this significant that arrives as a media file."
The malware launches a multimedia tool which Schmugar described as "simply a browser control wrapped in an executable".
"In the end you are left with a fake MP3 file taking up space, a worthless MP3 player, and adware that displays popup and pop-under ads," he said.
Fake MP3 attack hits 360,000 PCs
By Shaun Nichols on May 9, 2008 7:39AM