Multiple media reports on multimedia malware

There have been many media reports (The Register, BBC News Online, TechRadar, ZDNet, Eweek, etc..) in the last 24 hours or so following a blog post from our friends at McAfee, describing a Trojan horse that is said to have infested P2P networks.

The Trojan horse (which is detected as Troj/Wimad-E by Sophos, but called Downloader-UA.h in many of the news stories) is reported to have struck the PCs of home users who have downloaded specially-crafted MPG movie and MP3 music files from peer-to-peer file-sharing networks.

This isn’t a new technique for malware authors.  For years they have used a cornucopia of alluring filenames on a variety of P2P networks to try and seed their malware.  This latest attempt Windows uses Digital Rights Management (DRM) to trigger a visit to a malicious webpage that will, in turn, attempt to download adware-related files to the downloader’s computer.

Sign up to our free newsletter.
Security news, advice, and tips.

In this latest example some of the filenames reported to have been planted on P2P networks include:

  • girls aloud st trinnians.mp3
  • changing times earth wind.mp3
  • heartbroken fast t2 ft jodie.mp3
  • meet bambi in kings harem.mp3
  • paralyized by you.mp3
  • pull over levert.mp3

However, serial downloaders would be wise to realise that this list is far from exhaustive and hackers can constantly change the name of the affected file in an attempt to catch more victims.

Sophos is not receiving widespread reports of this Trojan horse, probably because our customer base is made of corporations rather than home users – and businesses tend to have tighter control over the use of P2P file-sharing applications because of concerns over illegal and malicious content, bandwidth and user productivity.

If the infection rate amongst consumers is anything like as high as some reports have suggested, however, then it is a sad indictment on the level of computer security protecting the typical file-sharer at home.  Is it any wonder that the bad guys can make so much money from adware and spyware if the typical guy in the street has no clue about how to defend their PC?

* Image source: Père Ubu’s Flickr photostream (Creative Commons 2.0)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.