Some media attention has been given to the circulation of a number of malicious files found on Gnutella networks accessed by LimeWire users. As always, please use caution when participating in these sorts of networks. Any time files are shared amongst a community of users, there is an increased risk of malware.
Some files were distributed on those networks with a .mp3 or .mpg extension but, instead of video or audio content, contain ASF files, which are scripts that direct the default handler (your web browser) to a specified URL or web site.
Luckily, most users find it suspicious when they expect to play a sound or video file in their media player and instead get a web browser prompting them to download and install more software. So they don’t run it, which is probably why McAfee saw half a million .mpg/.mp3 files that contained a link to malicious software, but saw not even 10% of that number resulting in actual downloaded adware on users’ desktops.
While it’s great that AV scanner detection has caught up with the file extension trickery on the P2P networks, it’s unfortunate that the individuals peddling this adware just skip that step and distribute binaries. Setup.exe files archived in “american pie full dvd movie.zip” and many other misleading filenames are floating around the P2P networks with the exact same payload as the downloaders described in the news.
It wouldn’t make much sense that an entire “full dvd movie” could be contained in a 94kb zip file, but some users don’t make that connection. Instead of a full dvd, the user gets multiple pieces of adware installed on their system, like Adware.Agent!sd5, Adware.PlayMP3z /Adware.PlayMP3z.
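Both tricks described above (ASF content behind a .mp3/.mpg name, and a tiny archive that claims to be a full movie but holds an installer) can be caught by checking content against the file name before anything is opened. The following is an added example, not code from the original post; the keyword list, the size floor, the finding labels and the sample file `track01.mp3` are assumptions made for illustration.

```python
import io
import zipfile

# First 16 bytes of every ASF/WMA/WMV file (ASF Header Object GUID).
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
MEDIA_EXTS = (".mp3", ".mpg", ".mpeg")
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".bat", ".msi")
MEDIA_WORDS = ("movie", "dvd", "album")      # assumed keyword list
MIN_MOVIE_BYTES = 50 * 1024 * 1024           # assumed floor for a "full movie"

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data[:16] == ASF_HEADER_GUID:
        return "asf"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:2] == b"MZ":
        return "pe"
    if data[:3] == b"ID3" or (len(data) > 1 and data[0] == 0xFF and data[1] & 0xE0 == 0xE0):
        return "mp3"
    if data[:4] in (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"):
        return "mpeg"
    return "unknown"

def check_download(name: str, data: bytes) -> list:
    """Return a list of findings for one downloaded file."""
    findings, lower, kind = [], name.lower(), sniff(data)
    if lower.endswith(MEDIA_EXTS) and kind in ("asf", "pe"):
        findings.append(f"{kind}-content-behind-media-extension")
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            return findings + ["unreadable-archive"]
        if any(m.lower().endswith(EXECUTABLE_EXTS) for m in members):
            findings.append("executable-inside-archive")
        if any(w in lower for w in MEDIA_WORDS) and len(data) < MIN_MOVIE_BYTES:
            findings.append("archive-too-small-for-claimed-media")
    return findings

def make_sample_zip() -> bytes:
    """Constructed sample: a tiny archive holding a stub named Setup.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Setup.exe", b"MZ" + bytes(64))
    return buf.getvalue()

SAMPLE_ASF = ASF_HEADER_GUID + bytes(64)     # constructed: ASF header, no payload

if __name__ == "__main__":
    print(check_download("track01.mp3", SAMPLE_ASF))
    print(check_download("american pie full dvd movie.zip", make_sample_zip()))
```

A legitimate ASF file renamed to .mp3 would also be flagged, so treat the first finding as a reason to inspect the file rather than as proof of malice.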
The old adage applies: “If it seems too good to be true, it probably is.”