Fake, infected media file attacks half a million victims in a week

In what's being called the largest fake media file outbreak in three years, some 500,000 people have fallen prey to a phony music or video track that is actually a spyware-infested Trojan horse.

Usually purporting to be a music track with an MP3 file extension (in this case, an MP3 track from the UK group Girls Aloud), the file is actually an installer that claims to require a special codec and a special media player to play back the file.

Install the codec and what you really get is a computer screen full of pop-ups delivered through a variety of malware programs. You can see what the infection process looks like by checking out the video on this post. The attack is being distributed primarily through peer-to-peer networks.

This is hardly an original attack, but the scale is immense: Those 500,000 attacks occurred in the space of just one week. That's substantial.

The bright spot is that according to McAfee, which provided the data in the BBC report, only about 10 percent of those who downloaded the infected file actually installed it.

The infected file incorporates all manner of potential file names. Though the BBC story includes a half-dozen, the real list of names is exhaustive to the point where it would make little sense including it here. It's likely that that list will continue to grow, too, as the attack continues to develop.

You already know what you need to do now, but I'll say it again: Update your antivirus software, make sure it's running real-time scans, and keep off those peer-to-peer networks.