Fake, infected media file attacks half a million victims in a week

Sun May 11, 2008 1:52PM EDT

In what's being called the largest fake media file outbreak in three years, some 500,000 people have fallen prey to a phony music or video track that is actually a spyware-infested Trojan horse.

Usually purporting to be a music track with an MP3 file extension (in this case, an MP3 track from the UK group Girls Aloud), the file is actually an installer that claims to require a special codec and a special media player to play back the file.

Install the codec and what you really get is a computer screen full of pop-ups delivered through a variety of malware programs. You can see what the infection process looks like by checking out the video on this post. The attack is being distributed primarily through peer-to-peer networks.

This is hardly an original attack, but the scale is immense: Those 500,000 attacks occurred in the space of just one week. That's substantial.

The bright spot is that according to McAfee, which provided the data in the BBC report, only about 10 percent of those who downloaded the infected file actually installed it.

The infected file goes by all manner of potential file names. Though the BBC story includes a half-dozen, the real list of names is so long that it would make little sense to include it here. It's likely that the list will continue to grow, too, as the attack continues to develop.

You already know what you need to do now, but I'll say it again: Update your antivirus software, make sure it's running real-time scans, and keep off those peer-to-peer networks.

Comments on Fake, infected media file attacks half a million victims in a week

  • 66 Posted by lordothedancex on Thu Sep 3, 2009 6:56PM EDT

    The RIAA (major record labels) has been known for uploading corrupt and virus-infected files to P2P and Torrent sites just to destroy people's computers. Ah, corporate greed! I'll be surprised if Yahoo doesn't take this comment down because of its connections with those companies.

  • 68 Posted by onemargali on Thu Sep 3, 2009 7:45PM EDT

    Being a frequent user of Limewire, sometimes you can't find the music you want in the stores. I buy CDs that are released by my favorite bands all the time. But sometimes I'm not looking for the whole CD or I want a song you can't find in the stores, so I download it with Limewire. As I've said, there's nothing wrong with it. Just don't click on bogus pop-ups. Use your common sense and you'll be fine. I have 5000+ MP3's just in the My Music Folder on one computer. Then I've got a few other folders with even more MP3's. The other computer has likely half the amount. No viruses! Duh.

  • 69 Posted by jamatwill_30 on Thu Sep 3, 2009 4:27PM EDT

    This information is all well and good, but what about all these other scams, spams and schemes from people that show up in my inbox that I do not solicit (let alone respond to), asking me and others to help them attain monies of outrageous sums from other countries and then want you to send money in order to get it? I get these almost every day and that is more sickening than P2P downloads with viruses in tow. My spam filter is practically full.

  • 70 Posted by jffh2006 on Thu Sep 3, 2009 4:34PM EDT

    I never install or click a link I didn't initiate or was sent to me. THERE IS ALSO A PAYPAL SCAM BEING EMAILED. I was emailed at 2 separate email accounts about needing to click a link to verify my PayPal account, one of which was not registered with PayPal to begin with. The message prompts you to click a link in the message to verify your account due to some suspect activity on your account and has verbiage to the effect that your account has been suspended until you log in to do something about it. Well, I launched a different browser and THEN logged into my account. Nothing out of the ordinary and my account is active. The internet is like life, use some common sense and you can avoid a lot of problems.

  • 71 Posted by cruz2322 on Thu Sep 3, 2009 3:31PM EDT

    If I were you I would ship it to them. This way they themselves can see what's going on. Bet they tell you, yeah, you're right.

  • 72 Posted by truthsazara on Thu Sep 3, 2009 10:23PM EDT

    Wow, did anybody read that Mac post? Amazing post regarding nothing there pal! You need three tools in this order to keep yourself safe (or remove the ----- s when they get on there!)... 1. SpyBot Search and Destroy (always update it -- just like they do!) 2. Super Anti-Spyware 3. HiJackThis ...But what's really funny is the Limewire thread here. Now tell me how long do you think it will be before the companies start seeding their own viruses on P2P? They've already got their own servers on these networks in cooperation with cable companies. So P2P is awesome, and must therefore be destroyed. Hmm... How long until Frostwire or some other 'wire has a built-in spyware scanner... branded by McAfee no doubt, ha ha!

  • 73 Posted by ashleighpersilver on Thu Sep 3, 2009 2:58PM EDT

    I had this pop up on my computer after downloading a song from Limewire, but my McAfee virus protection blocked it. I remember wondering which song I downloaded that had this virus. Glad I had a shield!!!

  • 74 Posted by riorenzoneostar on Thu Sep 3, 2009 8:42PM EDT

    That is what weak anti-virus. If it still detects nothing even if it's maximum, install a different anti-virus, Kaspersky or ESET NOD32 etc. If who knows the one who created those fakes, make a revenge for it.

  • 75 Posted by scarlen72 on Thu Sep 3, 2009 9:07PM EDT

    People keep saying only noobs, retards, and morons would get infected this way. You are forgetting that the largest demographic on the internet right now probably has only a rudimentary knowledge of how their computer works, let alone safely navigating the internet. If there weren't millions of dupes out there that blindly follow links and download stuff they don't know about these viruses wouldn't even be written. There would be no point. It's the same with phishing emails. If tons of people didn't blindly enter their personal info it wouldn't be profitable.

  • 76 Posted by stopashot on Thu Sep 3, 2009 9:45PM EDT

    This is all true, except you can avoid this by only downloading MP3s with a time length; the rest are bogus.

  • 78 Posted by anneland on Thu Sep 3, 2009 2:55PM EDT

    Those are 500,000 people who should have their computers taken away from them because they are too dumb to use them.

  • 79 Posted by dickorydock13 on Thu Sep 3, 2009 3:42PM EDT

    I guess the problem is that these people had a crappy taste in music!

  • 80 Posted by jmzhbz on Thu Sep 3, 2009 4:37PM EDT

    Download Startup Inspector for Windows, install and follow instructions. You should be able to locate the problem quickly. Do not remove anything that you are unsure of. It is best to use the "Identify" option and go from there. That and load AVG from grisoft.com and it will help locate problems Norton misses.

  • 83 Posted by ak8032704 on Thu Sep 3, 2009 2:48PM EDT

    The best free removal system I've used is Spybot. It took a couple of times of me scanning and deleting files that it picked out before my computer went back to 100% but I loved it. It's free, but after it saves your computer a donation to the company is well deserved. Here's the website: http://www.spybot.com/en/mirrors/index.html

  • 84 Posted by brune55@verizon.net on Thu Sep 3, 2009 3:14PM EDT

    I also got the Trojan when I was looking to view the video of the cheerleader attack the other week. It too asked to DL a special player. I have 2 anti-virus softwares and none of them worked. I found a download, "SmitfraudFix," and it got rid of it. I also ran my antivirus afterwards and it found more of the virus in my restore files. It found all types of places to hide itself.

  • 85 Posted by cgyj@sbcglobal.net on Thu Sep 3, 2009 3:21PM EDT

    I use Trend Micro's PCillin and I've never had a problem. John Messenger Santa Rosa, California.
