McAfee identifies “Downloader-UA.h,” first medium risk malware in three years

John M. Guilfoil
May 6, 2008
Computers, Science and Technology

McAfee Avert Labs reported Tuesday the most significant malware outbreak in three years with more than 500,000 detections of a Trojan horse they’re calling “Downloader-UA.h,” which is spreading by masquerading as a media file.

“The malicious MP3 music or MPEG video files have appeared on popular file-sharing services such as Limewire and eDonkey,” Avert Labs said in a statement.

McAfee has rated “Downloader-UA.h” as a “medium” risk threat. It is the first malware to receive that risk rating since 2005. It is the most dangerous threat to mask itself as a multimedia file ever recorded.

“This is one of the most prevalent pieces of malware in the last three years,” said Craig Schmugar, threat researcher at McAfee Avert Labs. “We have never before had a threat this significant that arrives as a media file.”

The last time McAfee went to “medium” on a computer threat was W32/Sober from November 2005. Sober was a virus that proliferated massively through email.

The malicious files are all named differently in multiple languages and vary in size to make them appear like legitimate music or video files, McAfee said. Attempting to play one of the malicious files will trigger a program called “PLAY_MP3.exe” to download, launch, and force advertisements to appear on the infected computer.

Some of the sample names used by the malicious media files include “preview-t-3545425-adult.mpg”; “preview-t-3545425-changing times earth wind .mp3”; “preview-t-3545425-girls aloud st trinnians.mp3”; “preview-t-3545425-jij bent zo jeroen van den.mp3”; “t-3545425-lion king portugues.mpg” and “t-3545425-los padres de ella.mpg”.

If you need another reason to get rid of Limewire and other filesharing apps, you might not get a better one.