Fake, infected media file attacks half a million victims in a week

Sun May 11, 2008 1:52PM EDT

See Comments (128)

In what's being called the largest fake media file outbreak in three years, some 500,000 people have fallen prey to a phony music or video track that is actually a spyware-infested Trojan horse.

Usually purporting to be a music track with an MP3 file extension (in this case, an MP3 track from the UK group Girls Aloud), the file is actually an installer that claims to require a special codec and a special media player to play back the file.

Install the codec and what you really get is a computer screen full of pop-ups delivered through a variety of malware programs. You can see what the infection process looks like by checking out the video on this post. The attack is being distributed primarily through peer-to-peer networks.

This is hardly an original attack, but the scale is immense: Those 500,000 attacks occurred in the space of just one week. That's substantial.

The bright spot is that according to McAfee, which provided the data in the BBC report, only about 10 percent of those who downloaded the infected file actually installed it.

The infected file incorporates all manner of potential file names. Though the BBC story includes a half-dozen, the real list of names is exhaustive to the point where it would make little sense including it here. It's likely that that list will continue to grow, too, as the attack continues to develop.

You already know what you need to do now, but I'll say it again: Update your antivirus software, make sure it's running real-time scans, and keep off those peer-to-peer networks.

Comments on Fake, infected media file attacks half a million victims in a week

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 46 Posted by moonlightboy7 on Thu Sep 3, 2009 7:26PM EDT Report Abuse

    to mcdaniel_g@sbcglobal.net The best thing to do is reinstall a new Windows system(on a different drive preferably),save any important files you have in the windows folders (like "my documents",desk..) and then delete the infected one. That's the only solution with a 100% garantuee unless you enjoy fighting with those lil bugs ,then good luck and have fun. =)

  • 47 Posted by bobshnogen on Thu Sep 3, 2009 3:10PM EDT Report Abuse

    O.o; wow some people are really really retarded. LOL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  • 48 Posted by mt_saint_helens on Thu Sep 3, 2009 7:29PM EDT Report Abuse

    I have never hit an e-mail virus before, in fact all e-mails I have gotten so far on this account are from people I know, 123greetings.com, or various Yahoo! objects like an e-mail saying one of my answers was chosen as a best answer, etc. If you see an e-mail you are CERTAIN that is not a reply from your cousin about the family reunion or from another trusted source, do NOT open it. Some e-mails have files (potential viruses) attatched, and if it says "This e-mail has a file attatched: whatevertheheckthefileis.filetype Do you want to run it?" If it is a movie from a friend, that's okay. But if the e-mail is from some total stranger, you don't recognize the e-mail address (or worse, you recognize it as a source of adware/viruses)--please do not open it. To do so is foolhardy and will undoubtly blast your PC open with things you would rather not install on your computer.

  • 49 Posted by ldyvns on Thu Sep 3, 2009 4:58PM EDT Report Abuse

    I've just spent countless hours with Dell Tech Support over the past two days because of this virus. Yes, it is a Trojan virus but also is known as the Vmundo (spellings vary) virus. This all happened from a link that required a "player" - started the player download, cancelled it, but it was too late. And it didn't look like the one in this article. I wa----- by hundreds of unwanted popups. The Trojan "part" can be removed, but the Vmundo cannot, and it attaches to your system restore function. Bottom line is, I was protected, but this was out of the realm of even McAfee. I have had to completely scrape, reinstall, and start over with my computer. I'm told by computer experts that myspace and facebook is the most common places to find this virus, so if you frequent those sites, beware.

  • 50 Posted by techboy86 on Thu Sep 3, 2009 9:59PM EDT Report Abuse

    it tried to get me too I got a file off limewire and it was there

  • 51 Posted by wmtyrancz on Thu Sep 3, 2009 10:49PM EDT Report Abuse

    I guess people will always fall for this kind of crap. I almost don't even feel sorry for them. I've owned computers since 1999 and can say that i have had only a couple of viruses in all that time. I guess i'm lucky that i'm single with no kids playing with my pc.

  • 52 Posted by sparky_mahoney on Thu Sep 3, 2009 9:35PM EDT Report Abuse

    Or maybe get a clue about how to use your PC. I've been using PC's since the old 8086 days and have only once...once...got a virus, and that was my fault because I was installing something not quite legal. :)

  • 53 Posted by onemargali on Thu Sep 3, 2009 7:45PM EDT Report Abuse

    I've used Limewire for the past two years and never had a problem. I download files from it all the time. I keep my antivirus software updated. Firefox keeps the pop ups away anyhow.

  • 54 Posted by lamune_baba on Thu Sep 3, 2009 4:56PM EDT Report Abuse

    I've got $20 that says this was programmed by someone paid by the RIAA or their ilk. Tracking it back to a computer in an actual RIAA office would make me dance the happy dance of joy.

  • 55 Posted by wmtyrancz on Thu Sep 3, 2009 10:49PM EDT Report Abuse

    I agree with bambammprod 100% I'm so sick of people looking for a free ride when it comes to music. I have always bought the music i listen to. Go to mp3 wesites and boards,Its always whats a good site to get free music. People today don't have a clue that stealing is wrong and if they get viruses or trojans,they are getting what they deserve.

  • 56 Posted by dennisinsc2005 on Thu Sep 3, 2009 3:41PM EDT Report Abuse

    I operate a computer repair store and I see machines several times a month infected with dozens to hundereds of malware programs, trogans and viruses, with active, up to date, paid subscripions to Mc Afee and Norton. I dont put ANY trust in either product, in fact I feel there should be a class action lawsuit aganst both for claiming they protect people, while they do a totally poor job.

  • 57 Posted by sweetmamaw on Thu Sep 3, 2009 9:52PM EDT Report Abuse

    I CAN'T WAIT FOR ALL OF THIS TECHNOLOGY JUST TO STOP RUNNING. THEN WHAT IS EVERYBODY GOING TO DO!!!

  • 58 Posted by viktorkuprin on Thu Sep 3, 2009 10:35PM EDT Report Abuse

    Get sued for downloading MP3 files? Sciencetroll, you might as well stay up all night and worry about being hit by a meteor from outer space. With the hundreds of thousands of peer-to-peer file shares going on every day, the lawsuits are totally ineffective. All they do is generate media coverage and press releases, a tactic that tries to scare people. Do you stay inside all the time when it's cloudy because you're afraid you might get struck by lightning? The threat described in this report is a malware trojan disguised as a codec, a software component that is prompted to be downloaded. MP3 files don't need special software players.

  • 59 Posted by kairuiz1 on Thu Sep 3, 2009 4:46PM EDT Report Abuse

    For me,I never get free music. What's the thing with Limewire or Frostwire? Why do people download and use it? It's all a scam. Just use a few dollers for music. Download the thing off apple. At least it's not a scam.

  • 60 Posted by tenacioust04 on Thu Sep 3, 2009 10:00PM EDT Report Abuse

    maybe people should stop downloading music and by cd's to support the artists who make the music.

  • 61 Posted by mallen9595 on Thu Sep 3, 2009 7:04PM EDT Report Abuse

    A good way to avoid this is to set your media player NOT to "automatically download codecs". This is hardly a new attack and Windows Media Player is especially vulnerable because it is set to download codecs automatically. However, it's not the only media player susceptible.

  • 62 Posted by mallen9595 on Thu Sep 3, 2009 7:04PM EDT Report Abuse

    "I keep getting prompted to purchase antispyware programs, but I should be covered by norton. What to do??" 90% of spyware masquerades as security and anti-spyware programs. In fact, almost none of the legit anti-spyware programs require you to pay; all are free (SpySweeper is a notable exception to this). Also, Norton's is junk. Get Avira Anti-vir, which is free for home use. Also, download HiJackThis! from Merijn.org, rename the file you download, and run it. Paste the scan report to a reputable fix-it site and somebody will tell you what you need to do in order to fix the current problem.

  • 63 Posted by azkobushi on Thu Sep 3, 2009 3:00PM EDT Report Abuse

    At work I can't do that stuff. At home I have Macs. (snicker)

  • 64 Posted by salas4999 on Thu Sep 3, 2009 9:00PM EDT Report Abuse

    Try Webroot Spysweeper with anti virus. Also try cleaning up you registry (Glarysoft.com-it's free). Defrag your hard drive. Finally, get a firewall like zone alarm (free version).

  • 65 Posted by cb131211 on Thu Sep 3, 2009 3:19PM EDT Report Abuse

    Mac owner for ten years. One of those horrible obnoxious people. Look even I hate the Mac commercials. I love the PC guy and find him to be the common man and totally identifiable as the everyday likeable "joe. I hate the "Mac guy". But I do love my MacBook Pro Laptop. And when people start talking about spyware, -- and I'm pretty tech proficient -- I know about shared object flash cookies, and hash functions, etc, -- but I have no idea about spyware. I don't even know if it is on my mac nor am I concerned. I remember seeing something with a yellow window called McFee on one of my older G3 macs asking me if I wanted to update it, but my IT spouse told me to ignore and not bother. And yes in all fairness, people don't write viruses for Macs, but, and here's where I"m going to sound typical "mac snob", if they did start writing them, I have a feeling they would be up against a far superior machine, that's less vulnerable. As I always tell my friends: "Why when you buy the hardware, wouldn't you buy the software from the same company that built the hardware?" Common sense. And yes Mac people take every opportunity like this horrible virus to point out the problems with PC's. Actually not the problem with PC's -- I bet Sony makes a great Laptop, or Dell, or HP, but the problem with Microsoft. The "car" is fine, it's the driver the stinks. I'd love it if Dell/Sony/HP would do something innovative, like say good-bye to Windows and ship all their computers with Linux (Does Redhat or Oracle have the rights -- don't know how that would work, isn't it free?) That would be wild. I'm married to an IT person who loves Linux, so go be daring some giant hardware pc manufacturer. Sony for goodness sakes, be brave. You lost out in the MP3 player world somehow (how? you had the walkman! -- you make hardware and software for music way before Apple, but I am really digressing). Anyway my spouse had some frustrated friends today, so sorry to anyone who got hit with this. Truly. As a Mac user we don't get satisfaction in anyone's problems. I guess we live in a happy world and we just want to share. Not a perfect one. A happy one.

More Posts: First Prev 2 3 4 5 6 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.