Trojan Adware Hiding in MP3s, McAfee Says

Adware pushers have found a new way to trick you into downloading their annoying products: fake MP3 files.

On Tuesday, security vendor McAfee reported that it's seen a huge spike in fake MP3 files spreading on peer-to-peer networks. Although the files have names that make them look like audio recordings, they're really Trojan horse programs that try to install a shoddy media player and adware on your computer, said Craig Schmugar, a researcher with McAfee.

"Once you run it, there is no content. You're taken to this site to install this player which you don't really need," he said.

Fake file names include: preview-t-3545425-changing times earth wind .mp3 and t-3545425-just got lucky.mp3. Schmugar listed more filenames, as well as details on the adware, in a Tuesday blog posting.

Users are first asked to OK an end-user license agreement before the Trojan installs the Mirar toolbar and two other components, called FBrowsingAdvisor & SurfingEnhancer.

Ironically, while Mirar tells users that it doesn't display popups, the FBrowsingAdvisor & SurfingEnhancer software do deliver popup ads, so users who do not realize that they are installing several programs might feel tricked, Schmugar said. "You have a Window telling you that there are no popups and right behind it is a popup."

Although McAfee has seen some nasty software disguising itself as media files in the past, it has never seen anything on this scale, Schmugar said. Over the past 24 hours, nearly a third of the McAfee customers who reported data back to the security company have detected these files, he said.

In the past few days McAfee has spotted the files on more than 360,000 users' desktops.

Subscribe to the Security Watch Newsletter

Comments