ExtraTorrent.cc - The Largest Bittorent SystemLogin   |   Register
Latest Articles
Most searched
Hot torrents
First Cams
View Torrent Info: Guardians of the Galaxy Vol.2 2017 HDCAM 700MB x264-DiRG
View Torrent Info: Free Fire 2017 HDCAM x264-CPG
View Torrent Info: The.Fate.of.the.Furious.2017.HDTS.H264.AC3.HQ.Hive-CM8
View Torrent Info: The Boss Baby 2017 720p HD-TS x264 AC3-CPG
Hot torrents
View Torrent Info: The Wolfman Legacy - Werewolf of London (1935) Xvid DvDRip [DDR]
View Torrent Info: Dont.Fuck.in.the.Woods.2016.HDRip.XviD.AC3-EVO
View Torrent Info: Small.Crimes.2017.HDRip.XviD.AC3-EVO
View Torrent Info: The.Sex Addict.2017.HDRip.XViD-ETRG
Hot torrents
H264 X264
View Torrent Info: Small Crimes (2017) NF - 720p WEBRiP - 850MB - ShAaNiG
View Torrent Info: Rogue One (2016) 720p BluRay x264 DTS Soup
View Torrent Info: Sold (2016) x264 DvDRip DDS 5.1 Esub -DDR
View Torrent Info: Voice.from.the.Stone.2017.720p.WEB-DL.H264.AC3-ETRG
Hot torrents
BluRay, 4k UHD
View Torrent Info: Fifty.Shades.Darker.2017.UNRATED.Multi.1080p.BluRay.x264.DTSHD7.1-DDR
View Torrent Info: Avatar.2009.4K.HDR.10bit.BT2020.DTS.HD.MA-VISIONPLUSHDR1000
View Torrent Info: The Void 2016 Bluray 1080P x264 DTSHD 5.1 -DDR
View Torrent Info: The Legend of Ben Hall 2016 Bluray 1080p x264 DTSHD5.1 -DDR
Hot torrents
View Torrent Info: The.Son.S01E05.WEB-DL.x264-FUM[ettv]
View Torrent Info: Training.Day.S01E10.WEB-DL.x264-FUM[ettv]
View Torrent Info: Samurai.Jack.S05E07.HDTV.x264-W4F[ettv]
View Torrent Info: The.Originals.S04E06.WEB-DL.x264-FUM[ettv]
View Torrent Info: [ 18] Sechs Schwedinnen auf Ibiza (1981) BDRip 720p x264 [Multi Audio] [German Spanish English]--prisak~~{HKRG}
View Torrent Info: Viking 2016 RUSSIAN 720p BRRip 999 MB - iExTV
View Torrent Info: The Lodge (2008) x264 720p UNCUT BluRay Eng Subs {Dual Audio} [Hindi ORG DD 2.0   English 5.1] Exclusive By DREDD
View Torrent Info: [ 18] High Test Girls (1980) DVDRip x264 [Dual Audio][German English]--prisak~~{HKRG}
To add new messages please Login or Register for FREE
Warning! Use a VPN When Downloading Torrents!
Your IP Address is   Location is United States
Your Internet Provider and Government can track your torrent activity!  Hide your IP ADDRESS with a VPN!
ExtraTorrent strongly recommends using Trust.Zone VPN to anonymize your torrenting. It's FREE!
Get VPN Now for FREE!

Fake MP3s Running Rampant

Post a Reply    Subscribe to Topic    
No avatar
Posted: Thu May 08, 2008 02:12
Author: Blocked
Detection of a trojan named Downloader-UA.h was added to the McAfee DAT files several days ago. Since that time more than 360,000 McAfee VirusScan Online users have reported detections, a whopping 32% of those reporting in the past 24 hours alone. Now Downloader-UA.h is not your everyday trojan, this detection covers fake music and video files associated with fastmp3player.com.

When a user attempts to load one of these MP3 and MPG files, they don?t get the music/video they were hoping for; instead they?re directed to download a file named PLAY_MP3.exe. In fact, the MP3/MPG file they downloaded was completely fake, playing no media clip what so ever.

Here are some of the samples names that we?ve seen. Many many other file names are surely floating around on P2P networks. File sizes vary as these files are padded with nulls.

preview-t-3545425-changing times earth wind .mp3
preview-t-3545425-girls aloud st trinnians.mp3
preview-t-3545425-heartbroken fast t2 ft jodie.mp3
preview-t-3545425-jij bent zo jeroen van den.mp3
preview-t-3545425-meet bambi in kings harem.mp3
preview-t-3545425-middle eastern chick.mpg
preview-t-3545425-paint me bunmingham.mp3
preview-t-3545425-paralyized by you.mp3
preview-t-3545425-pull over levert.mp3
preview-t-3545425-say it right remix.mp3
preview-t-3545425-st trinnians girls aloud.mp3
preview-t-3545425-theme godfather.mp3
t-3545425-bentley bizzle.mp3
t-3545425-dx vs randi orton 2007.mpg
t-3545425-haloween special.mp3
t-3545425-just got lucky.mp3
t-3545425-lion king portugues.mpg
t-3545425-los padres de ella.mpg
t-3545425-para sayo freestyle.mp3
t-3545425-peanut butter jelly amende.mp3
t-3545425-stare at sun thrice.mp3
t-3545425-suicide bride dana.mp3
t-3545425-wayne and jane.mp3

If users agree to download and run PLAY_MP3.exe (detected as Generic PUP.a with McAfee DAT files) a 4,800 word EULA is displayed.

Notable parts of the EULA include:

(3) The Licensed Materials you install will also include/be bundled with the following 3rd Party software products:

PRODUCT Mirar AND EULA http://policy.getmirar.com/

And my favorite:

22. Effective: January 14, 2007.


NetNucleus Privacy Policy/EULA
This End User License Agreement (the ?Agreement?) is a legal agreement between you and NetNucleus Corp.

Does END OF DOCUMENT mean you can ignore the rest? Gotta love it when a ?vendor? expects their ?customers? to read a EULA that they themselves did not seem to read!

If you agree to the EULA and choose to proceed, Adware ?FBrowsingAdvisor? and ?SurfingEnhancer? is installed as described in the EULA. I especially like the directory named used by the developer:

c:\Documents and Settings\tani\My Documents\Dreamsoft\Firefox\firefox_adware\FF-Source\Source\Release\XPCOMEvents.pdb

If Firefox is not installed users may see an error message:

PlayMP3.exe from PlayMP3z.biz is installed, which is simply a browser control wrapped in an exe, and doesn?t actually play local MP3 files, but rather loads a webpage running the Wimpy MP3 Flash player. This page lets the user listen to a canned selection of a couple dozen songs.

In the end you?re left with a fake MP3 file taking up space, a worthless MP3 player, adware that claims not only to not display popups, but also to block them, and more adware that successfully displays popup and popunder ads.

This entry was posted on Tuesday, May 6th, 2008 at 12:08 pm and is filed under Malware Research, Potentially Unwanted Programs. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

16 Responses to ?Fake MP3s Running Rampant?
Blast - McAfee identifies ?Downloader-UA.h,? first medium risk malware in three years - The Online Magazine Says:
May 6th, 2008 at 5:28 pm
[?] Avert Labs reported Tuesday the most significant malware outbreak in three years with more than 500,000 detections of a [?]

Computer Security Research - McAfee Avert Labs Blog Says:
May 7th, 2008 at 3:25 am
[?] Earlier we blogged about Fake MP3s Running Rampant, mostly on P2P networks, such as Limewire. I took some time to create a video clip showing what the [?]

Rigged Vid?s on LimeWire « Ladgeful Says:
May 7th, 2008 at 5:42 am
[?] pm on May 7, 2008 | # | McAfee that a major new outbreak is infecting computers using P2P clients. [VIA] [?]

Avert Medium Threat Advisory -- Fake MP3 malware attacks - Harry Waldron - Microsoft MVP Blog Says:
May 7th, 2008 at 5:49 am
[?] avoid the site: fastmp3player (dot ) com Avert Medium Threat Advisory ? Fake MP3 malware attacks http://www.avertlabs.com/research/blog/ ... g-rampant/ http://www.avertlabs.com/research/blog/ ... dia-files/ [?]

Avert Medium Threat Advisory -- Fake MP3 malware attacks - Harry Waldron - My IT Forums Blog Says:
May 7th, 2008 at 5:50 am
[?] avoid the site: fastmp3player (dot ) com Avert Medium Threat Advisory ? Fake MP3 malware attacks http://www.avertlabs.com/research/blog/ ... g-rampant/ http://www.avertlabs.com/research/blog/ ... dia-files/ [?]

Post a Reply    

Forum Search

  search in post message
  search in topic subject

Home - Browse Torrents - Upload Torrent - Stat - Forum - FAQ - Login
ExtraTorrent.cc is in compliance with copyrights
Can't load ExtraTorrent? Try our official mirrors: etmirror.com - etproxy.com - extratorrentonline.com - extratorrentlive.com
2006-2017 ExtraTorrent.cc1