There have been many media reports (The Register, BBC News Online, TechRadar, ZDNet, Eweek, etc..) in the last 24 hours or so following a blog post from our friends at McAfee, describing a Trojan horse that is said to have infested P2P networks.
The Trojan horse (which is detected as Troj/Wimad-E by Sophos, but called Downloader-UA.h in many of the news stories) is reported to have struck the PCs of home users who have downloaded specially-crafted MPG movie and MP3 music files from peer-to-peer file-sharing networks.
This isn’t a new technique for malware authors. For years they have used a cornucopia of alluring filenames on a variety of P2P networks to try and seed their malware. This latest attempt Windows uses Digital Rights Management (DRM) to trigger a visit to a malicious webpage that will, in turn, attempt to download adware-related files to the downloader’s computer.
In this latest example some of the filenames reported to have been planted on P2P networks include:
- girls aloud st trinnians.mp3
- changing times earth wind.mp3
- heartbroken fast t2 ft jodie.mp3
- meet bambi in kings harem.mp3
- paralyized by you.mp3
- pull over levert.mp3
However, serial downloaders would be wise to realise that this list is far from exhaustive and hackers can constantly change the name of the affected file in an attempt to catch more victims.
Sophos is not receiving widespread reports of this Trojan horse, probably because our customer base is made of corporations rather than home users – and businesses tend to have tighter control over the use of P2P file-sharing applications because of concerns over illegal and malicious content, bandwidth and user productivity.
If the infection rate amongst consumers is anything like as high as some reports have suggested, however, then it is a sad indictment on the level of computer security protecting the typical file-sharer at home. Is it any wonder that the bad guys can make so much money from adware and spyware if the typical guy in the street has no clue about how to defend their PC?
* Image source: PÃ¨re Ubu’s Flickr photostream (Creative Commons 2.0)