Fake, infected media file attacks half a million victims in a week

Sun May 11, 2008 1:52PM EDT

See Comments (128)

In what's being called the largest fake media file outbreak in three years, some 500,000 people have fallen prey to a phony music or video track that is actually a spyware-infested Trojan horse.

Usually purporting to be a music track with an MP3 file extension (in this case, an MP3 track from the UK group Girls Aloud), the file is actually an installer that claims to require a special codec and a special media player to play back the file.

Install the codec and what you really get is a computer screen full of pop-ups delivered through a variety of malware programs. You can see what the infection process looks like by checking out the video on this post. The attack is being distributed primarily through peer-to-peer networks.

This is hardly an original attack, but the scale is immense: Those 500,000 attacks occurred in the space of just one week. That's substantial.

The bright spot is that according to McAfee, which provided the data in the BBC report, only about 10 percent of those who downloaded the infected file actually installed it.

The infected file incorporates all manner of potential file names. Though the BBC story includes a half-dozen, the real list of names is exhaustive to the point where it would make little sense including it here. It's likely that that list will continue to grow, too, as the attack continues to develop.

You already know what you need to do now, but I'll say it again: Update your antivirus software, make sure it's running real-time scans, and keep off those peer-to-peer networks.

Comments on Fake, infected media file attacks half a million victims in a week

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 6 Posted by gboess82 on Thu Sep 3, 2009 4:06PM EDT Report Abuse

    I went to the link and watched the video and can't imagine how 500,000 people were duped into that long process. First and foremost, why would you click on install special codecs? All normal ones work fine so why download any other, for any reason? Then you had to go to their site, install something else, click agree to terms, and if by then you don't think something's up you deserve a spyware trojan horse. Trojan horses are like vampires; they can't come in unless you invite them by installing apps or being foolish about what you download.

  • 7 Posted by jimblink@sbcglobal.net on Thu Sep 3, 2009 4:35PM EDT Report Abuse

    gboess is right. How the heck could you NOT know this was trouble! You've got, like, 10 things that should tip you off. I hate to say it, but I agree that if you go through all that, you deserve what you get. Geeze. Some basic common sense is escaping half a million people. Scary.

  • 9 Posted by mybluesnuggs on Thu Sep 3, 2009 7:31PM EDT Report Abuse

    I receive a Lot of e-mails, and a lot go unopened & quite a few go in the Spam filter

  • 10 Posted by ramonv.rm on Thu Sep 3, 2009 8:27PM EDT Report Abuse

    There sure are some stupid people out there!

  • 11 Posted by cloyd42 on Thu Sep 3, 2009 3:27PM EDT Report Abuse

    The acceptance screen says "ad-supported" and you need to take an additional step to install the codec. Is this really a trojan or just nasty adware taking advantage of the fact that people don't generally read the terms & conditions? Nasty yes, but I'm not convinced it's really a trojan.

  • 13 Posted by tonyhippy on Thu Sep 3, 2009 10:16PM EDT Report Abuse

    I'm just surprised they could find 500, 000 people who like Girls Aloud!

  • 14 Posted by ramonv.rm on Thu Sep 3, 2009 8:27PM EDT Report Abuse

    How many of those half-million people live in red states?

  • 17 Posted by fiyahhhhh555 on Thu Sep 3, 2009 4:00PM EDT Report Abuse

    limewire is only illegal if you sell the music you download

  • 19 Posted by ezight on Thu Sep 3, 2009 3:57PM EDT Report Abuse

    Use your local public library people !!!!!!!!!!!!!!!!! The government funds it for you and RIAA cannot touch it cause its state and government funded!!!!!!!

  • 21 Posted by jamesa245 on Thu Sep 3, 2009 4:27PM EDT Report Abuse

    aa4mw "I just wonder how long it is going to be before we get something targeted at the Windows derived software in cars? Put a CD into the radio player and your brakes lock up or ???" That is sad but hilarious at the same time ! ! OMG !

  • 22 Posted by orionlukteel on Thu Sep 3, 2009 7:46PM EDT Report Abuse

    Quote: "I keep getting prompted to purchase antispyware programs, but I should be covered by norton. What to do??" Find the address of the website that's offering you their anti-spyware programs. Type that web address into yahoo, or at least the name of the antivirus software, and you'll get a list of complaints or questions about that particular trojan. You can also find help and removal instructions if you look hard enough. Norton's really started to slack on removal. Good luck!

  • 23 Posted by medwardl3 on Thu Sep 3, 2009 7:14PM EDT Report Abuse

    this is a very old way of inserting a trojen anyone with half a brain shouldnt fall for this. aa4mw just using p2p doesnt open you up for a lawsuit its the downloading and distributing of copyrighted matirial there is tons of stuff that is perfectly leagal to download do some research please along with everyone that thinks like aa4mw on the legality of p2p. the antivirus from free-av is a great anti virus much better than mcaffee and norton peerguardian doesnt hurt aswell if you insist on downloading copyrighted matirial.

  • 24 Posted by jpvideo2002 on Thu Sep 3, 2009 4:42PM EDT Report Abuse

    I know computers are now a way in our lives, but do many of you remember the days when we did not have computers ? Things were much eaiser and sometimes more accurate than today, more jobs, yes more paper work or did computers really cut the paper trail ? . The REAL PROBLEM they got into the wrong hands but MONEY GREEDY COMPANIES took over and we fell for it. I could go on and on but why cause the majority of you think I'm crazy am I really , think about it !!

  • 25 Posted by huyitsfong on Thu Sep 3, 2009 4:21PM EDT Report Abuse

    You'd have to be pretty stupid to click on Yes when it tells you that you need to install something to listen to an MP3...The same darn file you already have on your PC! If your other MP3's don't need a new codec, then that one shouldn't.

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.