STLtoday.com
[Print] [Close]
05.07.2008 10:14 am
Fake media files threaten PC gamers
By: David Sheets
St. Louis Post-Dispatch

PC gamers, take note: There’s a spooky problem looming on the Web this week that threatens to curtail your fun.

It’s a Trojan horse called Downloader-UA.h. It masquerades as a media file, and it’s responsible for thousands of fake MP3 music and MPG video files floating around online, according to virus watcher McAfee Inc.

The company says it has detected the Trojan in more than 500,000 consumer PCs. But because the Trojan is associated with malicious files that are turning up on file-sharing services such as Limewire, that number is expected to increase rapidly — perhaps even double — within the week.

Though McAfee considers Downloader-UA.h a “medium” risk, the company hasn’t issued a warning so severe since 2005.

“This is one of the most prevalent pieces of malware in the last three years,” said Craig Schmugar, a threat researcher at McAfee, in a company statement this week. “We have never before had a threat this significant that arrives as a media file.”

Downloader-UA.h pushes along fake files associated with a Web address known as fastmp3player.com. Attempting to play the fake files triggers an instruction to download something called “PLAY_MP3.exe,” which opens a path for Web ads to overload the computer. The fake music and video files may have names such as:

preview-t-3545425-adult.mpg
preview-t-3545425-changing times earth wind .mp3
preview-t-3545425-girls aloud st trinnians.mp3
preview-t-3545425-heartbroken fast t2 ft jodie.mp3
preview-t-3545425-jij bent zo jeroen van den.mp3
preview-t-3545425-meet bambi in kings harem.mp3
preview-t-3545425-middle eastern chick.mpg
preview-t-3545425-paint me bunmingham.mp3
preview-t-3545425-paralyized by you.mp3
preview-t-3545425-pull over levert.mp3
preview-t-3545425-say it right remix.mp3
preview-t-3545425-st trinnians girls aloud.mp3
preview-t-3545425-theme godfather.mp3
t-3545425-bentley bizzle.mp3
t-3545425-dx vs randi orton 2007.mpg
t-3545425-haloween special.mp3
t-3545425-just got lucky.mp3
t-3545425-lion king portugues.mpg
t-3545425-los padres de ella.mpg
t-3545425-para sayo freestyle.mp3
t-3545425-peanut butter jelly amende.mp3
t-3545425-stare at sun thrice.mp3
t-3545425-suicide bride dana.mp3
t-3545425-wayne and jane.mp3

Clicking on PLAY_MP3.exe doesn’t enable song playback. Instead, it opens a 4,800-word end-user licence agreement for something called “Play Free MP3s” that conclues with an “Agree” button. And clicking on that button installs the adware “FBrowsingAdvisor” and “SurfingEnhancer,” among others — tools that are likely to fill your PC with garbage.

So, those of you who frequently visit P2P sites, please take heed: Downloader-UA.h is lurking, and its bad-boy partner PLAY_MP3.exe brings nothing but trouble for anyone who thinks it actually gives them a tune or two worth playing. Better to steer clear of it, as well as any file name mentioned above. Otherwise, you may have to exchange your gaming fun for a PC maintenance headache.

Article printed from The Game Guy: http://www.stltoday.com/blogzone/the-game-guy

URL to article: http://www.stltoday.com/blogzone/the-game-guy/the-game-guy/2008/05/fake-media-files-threaten-pc-gamers/

If you enjoy reading about interesting news, you might like the 3 O'Clock Stir from
STLtoday.com. Sign up and you'll receive an email with unique stories of the day,
every Monday-Friday, at no charge.
Sign up at http://www.stltoday.com/newsletters/