Fake media files hit file sharers with trojan

8 May 2008 12:36 by Dave "Davedough" Horvath | 43 comments

Sources from the security firm McAfee have stated that over 500,000 machines have reported being infected by a new trojan that is disguised as media files shared on popular P2P networks. The files look like popular, heavily seeded music or movie files and often carry the name of whatever is currently popular on the P2P networks, but each is actually a trojan loaded with malware packages that make a file sharer's day a lot less enjoyable.

McAfee states that this fake file outbreak is the worst that it's seen in three years. Users hit by the fake file are treated to an array of pop-ups, and back doors are opened that leave their computers exposed to compromise. These files are most prevalent on the eDonkey and Limewire networks and are often labeled in a different language to confuse users. The titles make the files appear to be music tracks, pornography and full versions of popular movies. Once downloaded, the user is asked to install a specific codec to view the media, and it's then that the trojan is launched.

Included in the bundle of malware from this package is a media player that will only play included media files, thereby disabling any other media player or media files on the user's machine from being played. McAfee stated that of the 500,000 cases it's seen, only 10% have gone as far as installing the malicious package.

    goodswipe (Senior Member) 8 May 2008 15:42
    Originally posted by ivymike:
    This is why you ALWAYS check the validity of what you're downloading. With emule, this is easy.
    Exactly, only morons fall game to this.

    This is a good way to keep all those people from spreading more virii across the WWW.





    "look honey, it said goodswipe! oh wow, that's amazing."
    iluvendo (Senior Member) 8 May 2008 15:42
    Originally posted by goodswipe:
    Originally posted by varnull:



    I like that...

    What about this one?





    Goodswipe, with your pic, "You Da Man!!!!"

    If it wasn't for bad luck, I'd have no luck!
    "The flimsier the product,the higher the price"
    Ferengi 82nd rule of acquisition
    goodswipe (Senior Member) 8 May 2008 15:44
    ;)

    I'm true to the game mr endo.

    I tell it how it is...



    "look honey, it said goodswipe! oh wow, that's amazing."
    rlessmue (Newbie) 8 May 2008 15:45
    ...so those of you who think your "virus program" is
    protecting you from all the "bad" files that you are
    downloading...check out this site:
    http://www.virustotal.com/
    At this site you can upload a file that you think is
    infected or questionable, and it will verify it using
    about 32 different virus programs. The results will
    show on a page of which each program found.
    Now different virus programs see "things" differently.
    For example McAfee might say one program has a "trojan"
    and another like Kaspersky doesn't see anything.
    So who do you trust....???
    I play the "percentage game" when trying to decide.
    If 80% of the programs complain that the file you sent
    was infected...I would agree that it is infected!
    What about 10%? Depends on the 10% that said that the
    file was infected. I usually look at the "TOP" virus
    programs that I know of and "make my decision" from that
    information.
    So, the next time you come across a codec to install...
    upload it first if you want to be sure.
    Note: I only "trust" my virus program 75% of the time anyway.
    ...really it's not that hard to use a little common sense when
    opening a file that you receive or download.
    Cheers!
    iluvendo (Senior Member) 8 May 2008 15:47
    Goodswipe, only suggestion, pic needs to be larger (for the effect)

    If it wasn't for bad luck, I'd have no luck!
    "The flimsier the product,the higher the price"
    Ferengi 82nd rule of acquisition
    nobrainer (Member) 8 May 2008 15:47
    Originally posted by goodswipe:

    What about this one?



    lol can you also put DRM across the ps3 and include a link to what sony BD+ drm will eventually become screwUrom malware trojan.

    'Mass Effect' to have terrible DRM
    Originally posted by link:

    sony secuROM DRM requires Orwellian control lock to media you think you own!

    the game will have rolling DRM, meaning every 10 days you will need to activate the game again over the internet.

    "Mass Effect uses SecuROM and requires an online activation for the first time that you play it," French says. "After the first activation, SecuROM requires that it re-check with the server within ten days (in case the CD Key has become public/warez'd and gets banned). Just so that the 10 day thing doesn't become abrupt, SecuROM tries its first re-check with 5 days remaining in the 10 day window. If it can't contact the server before the 10 days are up, nothing bad happens and the game still runs. After 10 days a re-check is required before the game can run."

    In case that didn't sink in, to play Mass Effect you will need to re-activate your copy every 10 days, until the end of time. This of course, will lead to problems, there is no doubt about that. Firstly, if you don't have internet you cannot play this game, plain and simple. That is probably not so big of a problem now that broadband prices are so cheap, but imagine moving into a new house and not having time to set up Internet for the first ten days. Say goodbye to your brand new $50 copy of Mass Effect.

    The DRM gets even worse. You are only allowed to install the game on three machines before it locks up. If the activation servers go down, good luck trying to play your game at all. (Anyone remember Bioshock?) That's not even mentioning if Bioware ever goes out of business, there will be no server to reactivate with every 10 days, effectively killing your game off.


    The BPI Are: SONY, UNIVERSAL, WARNER GROUP, EMI.
    The RIAA Soundexchange Are: SONY, UNIVERSAL, WARNER GROUP, EMI.
    The IFPI Are: The same anti consumer lot as listed above!
    The MPAA Are: SONY, UNIVERSAL, WARNER GROUP, DISNEY, PARAMOUNT, FOX.

    This message has been edited since posting. Last time this message was edited on 8 May 2008 15:48

    varnull (Senior Member) 8 May 2008 15:59
    Originally posted by rlessmue:
    ...so those of you who think your "virus program" is
    protecting you from all the "bad" files that you are
    downloading...check out this site:
    http://www.virustotal.com/
    At this site you can upload a file that you think is
    infected or questionable, and it will verify it using
    about 32 different virus programs. The results will
    show on a page of which each program found.
    Now different virus programs see "things" differently.
    For example McAfee might say one program has a "trojan"
    and another like Kaspersky doesn't see anything.
    So who do you trust....???
    I play the "percentage game" when trying to decide.
    If 80% of the programs complain that the file you sent
    was infected...I would agree that it is infected!
    What about 10%? Depends on the 10% that said that the
    file was infected. I usually look at the "TOP" virus
    programs that I know of and "make my decision" from that
    information.
    So, the next time you come across a codec to install...
    upload it first if you want to be sure.
    Note: I only "trust" my virus program 75% of the time anyway.
    ...really it's not that hard to use a little common sense when
    opening a file that you receive or download.
    Cheers!
    nicely nicely.. use of brain.. a rare thing these days, you must be complimented on your excellent judgement in choosing the quality device you have been fitted with, instead of letting redmond etc make the decisions for you ;) (I think I have sunstroke or something.. WTF??)

    I open dubious files with whatever editor seems appropriate and have a look at the headers. That reveals all.. every time without fail. A pattern check for MZ and win32 will show up a trojan in anything straight away.. unless it's a windows exe file.. and I have no use for those so they don't come into play...

    Not that most people can open a film in notepad.. but hey.. good programs are worth every penny (not).. and the skills to use them priceless...



    Free open source software = made by end users who want an application to work....
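
Added example, not part of the thread or of any poster's words: the header check described in the post above (looking for the `MZ` marker), extended to confirm the PE signature, compare the sniffed type with the file name, and flag double extensions. The function names, extension sets and sample bytes are assumptions constructed for this illustration.

```python
import struct
from pathlib import PurePath

# Extension sets are illustrative assumptions, not an exhaustive policy.
MEDIA_EXTS = {".mp3", ".wav", ".avi", ".wmv", ".wma", ".asf",
              ".mpg", ".mp4", ".mkv", ".ogg", ".flac"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")  # ASF/WMV/WMA header object


def sniff(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if data[:2] == b"MZ":
        # DOS header: the 32-bit field at 0x3C points at the PE signature.
        if len(data) >= 0x40:
            (pe_off,) = struct.unpack_from("<I", data, 0x3C)
            if data[pe_off:pe_off + 4] == b"PE\x00\x00":
                return "pe-executable"
        return "dos-executable"
    if data[:16] == ASF_GUID:
        return "asf"
    if data[:4] == b"RIFF" and data[8:12] in (b"AVI ", b"WAVE"):
        return "riff-media"
    if data[4:8] == b"ftyp":
        return "mp4"
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska"
    if data[:4] in (b"OggS", b"fLaC"):
        return "ogg-or-flac"
    if data[:4] in (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"):
        return "mpeg"
    # ID3 tag, or a bare MPEG audio frame sync (11 set bits).
    if data[:3] == b"ID3" or (len(data) > 1 and data[0] == 0xFF and data[1] & 0xE0 == 0xE0):
        return "mp3"
    return "unknown"


def assess(name: str, data: bytes):
    """Return (sniffed_type, findings) for a file name and its first bytes."""
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    ext = suffixes[-1] if suffixes else ""
    kind = sniff(data)
    findings = []
    if kind.endswith("executable") and ext not in EXEC_EXTS:
        findings.append("executable content behind a non-executable name")
    if ext in EXEC_EXTS and any(s in MEDIA_EXTS for s in suffixes[:-1]):
        findings.append("double extension: media name ending in an executable type")
    if ext in MEDIA_EXTS and kind == "unknown":
        findings.append("media extension but no recognised media header")
    return kind, findings


# Constructed sample bytes (not taken from any real file).
SAMPLE_PE = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00" + bytes(20)
SAMPLE_MP3 = b"ID3\x03\x00" + bytes(27)
SAMPLE_AVI = b"RIFF" + struct.pack("<I", 24) + b"AVI LIST" + bytes(16)

if __name__ == "__main__":
    for fname, blob in [("popular_movie.avi", SAMPLE_PE), ("track.mp3.exe", SAMPLE_PE),
                        ("track.mp3", SAMPLE_MP3), ("clip.avi", SAMPLE_AVI),
                        ("clip.wmv", bytes(32))]:
        print(fname, *assess(fname, blob))
```

A genuine media container that merely prompts for a codec passes this check, and the codec installer it points to is an executable by design, so the header test cannot clear it; that installer is where a multi-engine scan such as the one suggested earlier in the thread applies.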
    snowlock (Junior Member) 8 May 2008 17:24
    Originally posted by grkblood:
    @nobrainer

    I doubt that the porn industry, software industry, and movie/music industry work together. And don't these dreaded companies that you hate actually use P2P programs as a source to secretly find out which songs to promote and get free advertising? Anyways, enough with conspiracy theories. If you don't want to get the trojan don't steal. You know the risks when you d/l files off the internet. If you can live with the consequences then do it, if you can't then don't. Plain and simple. What you envision is an oxymoron, worry-free theft.
    what you say makes loads of sense, particularly about industries collaborating.
    the problem i have is with your wording; to me downloading riaa/mpaa media isn't stealing.
    personally, i don't believe the ads put in front of movies by the mpaa.

    "you wouldn't steal an old lady's purse. you shouldn't download movies."
    wtf? not the same in any way whatsoever.
    maybe if the old lady didn't allow anyone else in the world to have a purse except her and her friends.
    maybe if, at the same time, the old lady charged a surcharge to people for looking at it.
    maybe then it would be the same thing.
    until then, the facts are as follows: p2p filesharing is not a criminal offense, and only a civil matter.
    to me and many others, its legality is debatable at worst.

    This message has been edited since posting. Last time this message was edited on 8 May 2008 17:25

    hulud86 (Junior Member) 8 May 2008 17:29
    I recently got a trojan from filesharing and had to reinstall my OS. Last time I ever use P2P

    This message has been edited since posting. Last time this message was edited on 8 May 2008 17:30

    varnull (Senior Member) 8 May 2008 17:39
    What's a Trojan??.. I support the spartans myself.. they rock!!

    You have to run or install the damn things to get them from p2p.. always read the comments, and always only get files from uploaders you trust or others say are ok.






    Free open source software = made by end users who want an application to work....
    grkblood (Member) 8 May 2008 17:56
    listen, even IF they did have something to do with it, which I seriously doubt they did, I'm not condoning it at all. I'm just saying you should know the risks pirating stuff, and if you don't you're a fool for doing it. Do as you please, but there will always be risks for the masses that don't have common sense. It's your own fault if you let this happen to you.
    wolf123 (Member) 8 May 2008 18:22
    Originally posted by ivymike:
    This is why you ALWAYS check the validity of what you're downloading. With emule, this is easy.

    Emule are you kidding one of the worst ones out there since I knew about it I have never used it full of spy-ware and ad-ware.

    and if you think Firefox is safe think again I have been getting annoying web page full screen pop ups.
    sgriesch (Newbie) 8 May 2008 20:21
    Originally posted by goodswipe:



    Kinda reminds me of when the government used to tell people that if they smoked pot, they were funding communists and YOU too will also become a communist.

    Another awesome image:



    That license plate is awesome. I just bought a new vehicle Tuesday. I wonder if I can get another version of that or if it's too late.
    rayals (Junior Member) 8 May 2008 20:30
    Using a public tracker is asking for trouble. Best thing to do is get on a private tracker and follow the rules. I have been a torrent d/l for a couple of years and NEVER have a problem. I get music in full album sets and cams/propers/r5's/screeners/r1's with no problems. Software is also easily available and untainted.
    I agree that if you are getting these type of viruses/trojans, you should not be using a computer. You do not know the basics of using a computer, nor do you know basic internet security. Your security is your business. Take note.


    This message has been edited since posting. Last time this message was edited on 8 May 2008 20:33

    edge2000 (Junior Member) 8 May 2008 23:58
    I don't use McAfee so I am sure that I am protected against this trojan. I use Limewire all the time so I am a little concerned. Never had a trojan or virus come through any P2P network for me. McAfee and Norton are viruses. Uninstall them and use AVG Free!
    borhan9 (AfterDawn Addict) 9 May 2008 0:03
    Well this is not good news for p2p users they have to be wary. The new viruses are worse than ever. I just spent the other day removing a worm from my dad's work pc and u should have seen the effects this worm was having and it was really bad. I did manage to get rid of it by using Kaspersky Antivirus I have to say it's the best out there I have seen worth the money.
    nobrainer (Member) 9 May 2008 1:46
    Originally posted by rayals:
    Using a public tracker is asking for trouble. Best thing to do is get on a private tracker and follow the rules. I have been a torrent d/l for a couple of years and NEVER have a problem. I get music in full album sets and cams/propers/r5's/screeners/r1's with no problems. Software is also easily available and untainted.
    I agree that if you are getting these type of viruses/trojans, you should not be using a computer. You do not know the basics of using a computer, nor do you know basic internet security. Your security is your business. Take note.
    correctumundo, i have in the last.... years, never once seen a virus on a closed tracker, other than demonoid once, but it was quickly removed, the problem for ppl is getting in though!

    @ as varnull states you have to RUN the dam .exe what moron would confuse that with either an mp3 or a picture file?


    The BPI Are: SONY, UNIVERSAL, WARNER GROUP, EMI.
    The RIAA Soundexchange Are: SONY, UNIVERSAL, WARNER GROUP, EMI.
    The IFPI Are: The same anti consumer lot as listed above!
    The MPAA Are: SONY, UNIVERSAL, WARNER GROUP, DISNEY, PARAMOUNT, FOX.

    This message has been edited since posting. Last time this message was edited on 9 May 2008 1:56

    mspurloc (Junior Member) 9 May 2008 2:14
    Any little, spotty-faced, teen bleeder who creates or distributes a virus should be shot through the head on international television.
    domie (Member) 9 May 2008 6:26
    Quote:
    Originally posted by ivymike:

    Emule are you kidding one of the worst ones out there since I knew about it I have never used it full of spy-ware and ad-ware.

    I'm puzzled how you would know it is full of spyware and adware if you have never used it.

    Emule is open source, free and has been the number 1 download on the sourceforge.net developers projects page for about 5 years running - twice as many downloads as bittorrent and azureus combined - no way would it be there if it was bundled with spyware and adware.

    http://sourceforge.net/top/topalltime.php?type=downloads


    I think you are confusing it with something else.
    varnull (Senior Member) 9 May 2008 6:51
    Fact... there is malware in the wild

    Fact... It can infect your hardware

    Fact... It isn't just "script kiddies" who make and distribute malware (sony rootkit fiasco)

    Fact... ddos attacks and spamming via botnets is a source of large amounts of revenue for the less morally concerned

    Fact... Any code that can be run or opened on your pc can be malware (vista is a great example of malware)

    Fact... when you visit ANY website you are at risk of encountering malware and exploits

    Fact.. javascript and flash media can be used to install exploits as easily as you downloading something (be aware of flash content on warez sites)

    Fact... windows is insecure

    So.. live with it and take the risks with an open mind. Run quality antivirus and use it with common sense... unix has a better solution.. Nothing downloaded can be just run, you have to change its properties and permissions before it can install or exploit anything which may be system changing. Compared to that windows is like a free for all.. every file can do whatever the hell it wants all the time, regardless (it seems) of the owner and users permissions. With windows files can be "Administrator Always" which is where the problem comes from in the first place.

    Good antivirus (free is good enough) windows firewall.. a couple of anti-spyware/anti-malware applications (avg antispyware is excellent.. spybot is also adequate.. combined with adaware and avast home edition antivirus they are nearly invincible)
    use Firefox, and install no-script plugin so that you can see what is trying to load... don't allow java to run anything you are unsure of, and certainly for general browsing block by default... Also look at where images are loading from.. be aware of cross site scripting exploits and xss trickery.

    This internet isn't a place for spoonfed n00bs.. unfortunately it is full to the brim of nasties just waiting for you to arrive with internet explorer wide open and the M$ trained behaviour of "allow" "next next next"

    The secret of safe p2p use and general internet use is this...
    Get clued up, and use your common sense.. If a site feels wrong.. and sometimes it is only a feeling, don't let your guard down.. and finally.. Be prepared to wipe everything and start over until you get those gut feelings about what is and isn't correct behaviour from a file, website or whatever it may be.. they come with time and experience. Keep your OS on a different partition from your data (I install windows on E: which is only 20 gigs.. that confuses lots of malware)

    OR... use linux for your general browsing and day to day internet wotsits, and forget about the malware pretty much completely, and the need for pirate software or continual use of your credit card, which is an added bonus.

    I won't bash anybody who has encountered malware by accident.. I actively hunt for it and save it when found.. I will have a tickle at people who stupidly trust everything.. just because somebody says it is a safe street doesn't mean you should leave your car unlocked with the keys in does it.



    Free open source software = made by end users who want an application to work.... #1 image again.. check it out ;)

    This message has been edited since posting. Last time this message was edited on 9 May 2008 6:56

    akira247 (Junior Member) 9 May 2008 9:43
    yeah I've just got rid of a virus (trojan vundo), and few other viruses
    hit me 5 May.. took me 2 days to get rid and it still popped up next day, gone now though..

    I've not had any problems for 3 years, running McAfee and use few other cleaners, constant torrent user, and that's where I think I got it from a torrent site, coz not any limewire programs Shareaza etc for long time..
    I'm sure it was a HD wallpaper pack.

    but I had constant popups for few days, McAfee never saw anything
    used MalwareBytes Anti-malware and the Vundofix, and a spyware program... found lots of things that were not there week before..

    everything been ok for couple days now.. wouldn't mind but I recently bought my annual renewal from McAfee..... what for??

    This message has been edited since posting. Last time this message was edited on 9 May 2008 9:48

    B33rdrnkr (Newbie) 9 May 2008 15:37
    limewire sux anyways..
    Fibroptik (Newbie) 9 May 2008 21:37
    One fine day IvyMike glorked:

    IM> Emule are you kidding one of the worst ones out there since I knew about it I have never used it full of spy-ware and ad-ware.

    What a lot of nonsense.

    > I'm puzzled how you would know it is full of spyware and adware if you have never used it.

    IvyMike is obviously clairvoyant. Dead people talk to him.

    > I think you are confusing it with something else.

    He is confusing it with Shareaza. He is confused.

    FiberOptik
    varnull (Senior Member) 9 May 2008 21:53
    Emule Shareaza limewire frostwire... ahhhhh.. my malware supermarket of choice..

    Used by connoisseurs of malware and the intentional spreaders of trojans and virus files since the beginning of the internet.. Gotta love it. If I had a share folder I would put a few bombs in it for the unwary. There is an E-war going on above and beyond national borders here.. The mpaa etc are joining and logging downloads.. they are scanning ip's for certain files.. they find them, they download them to get your ip and the evidence of what you are sharing... why not hide some really nasty malware in a file as a trap for them? I do. It isn't sensible to download anything too obvious from my share folders... especially any .exe files. I run linux..(you need to know me to know that.. so you would be on my "permitted lists" anyway.. strangers beware) so what the hell are exe files doing on my machine??? heh heh heh.. my minefield.. waiting for adobe and others.. every button is already clicked.. an e-bomb if you would.

    Last real nasty I saw off limewire actually run and trash a system started downloading without even being selected.. so much for norton too.. it got infected itself and then helped replicate the virus.. it just came and ran with no interaction from the user at all.

    I know the name of a really nasty virus that will need a complete format, then a 3 pass wipe with killdisk, followed by a total repartition and reinstall, a bios virus check and a ram virus check to remove completely.... should I give the file name for the limewire fans...

    alladobekeys&serials2k7... there you go. Probably circulated by adobe themselves.. and believe.. it's a hottie ;)



    Free open source software = made by end users who want an application to work.... #1 image again.. check it out ;)

    This message has been edited since posting. Last time this message was edited on 9 May 2008 22:01

    FredBun (Senior Member) 9 May 2008 22:05
    excellent advice from varnull
    phate316 (Junior Member) 10 May 2008 15:09
    you should know all about safe streets varnull after having 3 cars stolen , did u leave the keys in them ????(sorry had to get last word in )