Researchers at McAfee Avert Labs have discovered a new Trojan downloader attack that masquerades as legitimate media files. At least 500,000 computers have already become infected.
McAfee researcher Craig Schmugar said that on the surface the downloader appears to be an MP3 or MPG file. In reality the file is actually an ASF file with no real media content. ASF files can direct media players to navigate to specific URLs, and that's exactly what happens in this particular attack.
The fake media file directs the media player to download an installer program that loads adware onto the user's computer. The adware then causes untold numbers of pop-up and pop-under windows to appear, each one loaded with advertisements.
On May 6 the company reported at least 360,000 infections. By May 7 that number had grown to approximately 500,000 infections. However, the actual number of infections across the Internet is undoubtedly much larger since McAfee's statistics are based only on the reports from users who have opted in to reporting malware detection to the company.