Malware outbreak blamed on file-swapped MP3s, MPEGs

Security firm says fake music and movie files downloaded from Limewire and eDonkey instead runs ads on your computer.

Consumers are being warned that they may get an ad instead of a music or video file on several file-sharing sites in what security firm McAfee says is the most significant malware outbreak in three years.

McAfee Avert Labs reported on Tuesday that more than 500,000 detections of a Trojan horse masquerading as a media file have been found on computers since Friday on services like Limewire and eDonkey.

Instead of playing an adult video, the Lion King in Portuguese, or the Girls Aloud theme from the St Trinnians soundtrack, for example, hundreds of rigged MP3 and MPEG files on the services trigger the download of an executable that serves ad to the infected computer.

Craig Schmugar, threat researcher at McAfee Avert Labs, explains in a blog entry that if people agree to download and run the executable they are asked to agree to a phony end user license agreement and some other useless software.

"In the end you're left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays popup and popunder ads," Schmugar writes.

McAfee rates the threat "medium" risk, the highest rating given to any malware since 2005.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The problem with Amazon Dash buttons

Limits on choice mean new shopping gadget won't click for everyone. Bridget Carey explains how the buttons work, and the rule changes for sharing your Prime perks with others.

by Bridget Carey