Music Unleashes the Malware Beast

May 12, 2008 – 11:14 AM

This definitely won’t be music to the ears of music aficionados who acquire their MP3s from peer-to-peer (P2P) networks, but it’s definitely not something they haven’t heard of either.

A host of adware under the guise of media files on P2P networks has reportedly been racking up victims on the Web. It was initially reported by McAfee in their blog and gained attention after the security vendor deemed it worthy of a “medium” threat level.

Investigations made by Trend Micro researchers reveal that some of the adware pose as an MP3 or MPG file in P2P networks under the following fake file names:

  • Preview-T-3545425-kylie carried away.mp3
  • Preview-T-3545425-patayin sa sindak si barbara.mp3
  • Preview-T-3545425-say it tpain.mp3
  • Preview-T-3545425-you are what love jenny lewis.mp3
  • T-192511-Preview-T-3545425-hank wiiliams sr.mp3
  • T-210943-Preview-T-3545425-lolie pop lil wyane.mp3
  • T-2559308-Rare Recording.wma
  • T-27595-Preview-T-3545425-last king of scotland 2006.mpg
  • T-3523960-T-3545425-never back down sound track.mp3
  • T-408673-T-3545425-billy ellot.mpg
  • T-482753-Preview-T-3545425-ever same bon jovi.mp3
  • T-56319-Preview-T-3545425-buddy holly just you know why.mp3
  • T-660855-Preview-T-3545425-(Porno) Kim Kardashian & Ray J (full sex tape).mpg
  • T-89957-Preview-T-3545425-that chick mariah carey.mp3

Researchers believe that the fake file names are derived from users’ files themselves and are used at random. These files come in adware packages detected as the following:

  • ADW_AGENTODK
  • ADW_SAHAGENTBJ
  • ADW_ZENO
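
As an added example (not from Trend Micro or the original post), the naming pattern visible in the fake file names listed above can be used to triage a shared folder or a P2P result list. The regular expression is inferred from those names alone and is an assumption, not a vendor signature; the function names and the benign sample names are constructed for illustration.

```python
import re
from collections import Counter

# Pattern inferred from the article's file list (assumption, not a vendor
# signature): one or more leading "Preview-" / "T-<digits>-" tokens, then a
# borrowed title, then a media extension.
LURE = re.compile(
    r"^(?P<prefix>(?:(?:Preview|T-\d+)-)+)(?P<title>.+)\.(?P<ext>mp3|mpg|wma)$",
    re.IGNORECASE,
)

def parse_lure(name):
    """Return the parsed fields of a lure-style name, or None if it does not match."""
    m = LURE.match(name.strip())
    if not m:
        return None
    ids = re.findall(r"T-(\d+)", m.group("prefix"), re.IGNORECASE)
    if not ids:  # "Preview-" alone is common in legitimate names; do not flag it
        return None
    return {
        "ids": ids,
        "preview": "preview-" in m.group("prefix").lower(),
        "title": m.group("title"),
        "ext": m.group("ext").lower(),
    }

def triage(names):
    """Return (hits, recurring_ids): hits maps each flagged name to its parsed
    fields; recurring_ids are numeric tokens shared by more than one name."""
    hits = {n: p for n in names if (p := parse_lure(n))}
    counts = Counter(i for p in hits.values() for i in set(p["ids"]))
    return hits, sorted(i for i, c in counts.items() if c > 1)

# The first four names are taken from the article; the last three are
# constructed benign names used to check for false positives.
SAMPLE = [
    "Preview-T-3545425-kylie carried away.mp3",
    "T-2559308-Rare Recording.wma",
    "T-27595-Preview-T-3545425-last king of scotland 2006.mpg",
    "T-3523960-T-3545425-never back down sound track.mp3",
    "Preview-holiday mix.mp3",
    "T-Pain - Bartender.mp3",
    "track 07.mp3",
]

if __name__ == "__main__":
    hits, recurring = triage(SAMPLE)
    for name, fields in hits.items():
        print(f"FLAG {name!r}: ids={fields['ids']} preview={fields['preview']}")
    print("numeric tokens shared across names:", recurring)
```

A numeric token that recurs across otherwise unrelated titles is a stronger signal than a single match, since one `T-<digits>-` prefix on its own can occur in a legitimate file name.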

Once downloaded, the supposed media file connects the user to the URL http://www.{BLOCKED}3player.com/affiliates/772465/1/PLAY_MP3.exe and downloads PLAY_MP3.EXE. This file is detected by Trend Micro as ADW_AGENT.FMG.

As notable and “rampant” as this attack is known to be, malware posing as a media file in a P2P network isn’t exactly breaking news. As Trend Micro Security Researcher Joey Costoya explains, “It should be noted that propagating malware through P2P, even through media files, is not that new. This technique has been seen some years ago. And P2P networks are always loaded with fake stuff that will eventually lead to a malware infection.”

The silver lining: P2P networks have been infamous mostly due to copyright violation issues and their reputation as an unsafe source for media files. With cases such as this to prove that, users now ought to think twice before resorting to P2P networks for their next MP3 file, or else music will not tame the savage malware beast, but unleash it.

Source: TrendLabs Malware Blog
