In association with heise online

09 May 2008, 11:26

Massive media file trojan explosion

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

On 6 May, the McAfee Avert Labs blog reported a trojan that masquerades as an MP3 or MPG media file. Called Downloader-UA.h, it is distributed over peer-to peer (P2P) networks, and the payload is a crippled MP3 player plus pop-up adware. Very large numbers of trojan files with differing names have been observed. However, the names of many contain the string t-3545425.

The trojan was discovered on 2 May. By 6 May over 360,000 infections had been reported to Avert Labs, but this morning (9 May) Toralz Dirro of the Avert Labs security team told heise Online that the infection count had already reached around 580,000. He pointed out that these figures represent only those reports received by Avert Labs from their subscribers, but he considers the sample representative of the home user population as a whole. Dirro attributes the unusual success of the trojan to the very large number of contaminated media files on offer, rather than to any particular technical feature of the malware or its distribution.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit