Massive media file trojan explosion
On 6 May, the McAfee Avert Labs blog reported a trojan that masquerades as an MP3 or MPG media file. Called Downloader-UA.h, it is distributed over peer-to-peer (P2P) networks, and the payload is a crippled MP3 player plus pop-up adware. Very large numbers of trojan files with differing names have been observed. However, the names of many contain the string
The trojan was discovered on 2 May. By 6 May over 360,000 infections had been reported to Avert Labs, but this morning (9 May) Toralz Dirro of the Avert Labs security team told heise Online that the infection count had already reached around 580,000. He pointed out that these figures represent only those reports received by Avert Labs from their subscribers, but he considers the sample representative of the home user population as a whole. Dirro attributes the unusual success of the trojan to the very large number of contaminated media files on offer, rather than to any particular technical feature of the malware or its distribution.