We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,821 News Articles

Dangerous malware infects via P2P music

New worm aimed at music sharers

Music fans running Windows are being targeted by new worm-like malware that attacks those who download tracks from peer-to-peer (P2P) networks.

Playing an infected music file will launch Internet Explorer, and load a malicious web page which asks the user to download a codec, a well-known trick to get someone to download malware.

The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC, according to David Emm, senior technology consultant at Kaspersky. The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity, Emm said.

"The possibility of this has been known for a little while but this is the first time we've seen it done," said Emm.

The malware has worm-like qualities. Once on a PC, it looks for MP3 or MP2 audio files, transcodes them to Microsoft's Windows Media Audio format, wraps them in an ASF container and adds links to further copies of the malware, in the guise of a codec, according to another security analyst, Secure Computing.

The '.mp3' extension of the files is not modified, however, so victims may not immediately notice the change, according to Kaspersky.

Most savvy PC users are aware of the codec ruse, but the style of attack is still effective since many media players do need to receive updated codecs occasionally in order to play files.

"Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream," Secure Computing said.

Users on a digital audio enthusiast site differed over the danger level of the malware.

"I never allow programs to choose which codecs I use to play back media," wrote JXL on the Hydrogen Audio forum "I research it and get the codec bundles off of sites I know to be trustworthy and even then I still scan them and check to make sure they are what they are. I honestly don't feel that this malware has a very good chance of spreading fast."


IDG UK Sites

Google Fit vs Apple Health Kit: What's the difference?

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Introducing generation tech

IDG UK Sites

This animated film reveals the importance of designing for everyone