Malware threat from fake MP3 files and fastmp3player.com
There is a new malware threat in the wild circulating among various file sharing networks. The threat is spread by duping file sharing users into downloading fake mp3 audio and mpeg movie files, which have very enticing filenames (some listed below in extended comments). All of these fake files have very small file sizes, which should be a giveaway that something is wrong with them. Despite that fact, almost 400,000 PCs are now infected in just a few days, after their users downloaded and opened some of these rigged files.
When a file sharing user double-clicks to play one of these files they get a surprise. Instead of seeing a movie or hearing a music file they are presented with a browser page that displays a EULA consisting of about 4800 words. The scam tells them that they must install a special media player, from fastmp3player.com - to playback the file they are trying to hear/see. Upon agreeing to the EULA the user is redirected to fastmp3player.com where a file download box appears, for a file named (at this time) "PLAY_MP3.exe." This file will install two separate adware and spyware applications; "FBrowsingAdvisor" and "SurfingEnhancer."
Apparently, in samples that have been analyzed in the last two days, these attacks are specifically designed to work in the Firefox browser. If Firefox is not found on the victim's computer, they will get a Windows error message and will be urged to download and install Firefox.
Most major anti virus and anti spyware companies can already detect and remove this threat, which has been elevated to a "medium threat" status by McAfee, for home users.
People who like to obtain copyrighted music or movies without paying a fair price for a licensed copy are left at risk from botmasters looking to increase their botnets, and criminals using affiliate programs to earn commissions for installing spyware and adware onto as many computers as possible.
What you can do to protect your computer from this threat.
- Stop using file sharing programs like Limewire or Kaaza, or others, that allow people to distribute (share) copyrighted works illegally. They are riddled with malware files of all sorts. Instead, use one of the legitimate music or movie websites, like Apple's iTunes, Real Rhapsody, or Napster.
- Install a modern, legitimate anti virus program that offers multiple daily updates and set it to receive automatic updates every hour. If you can't set it to an hourly schedule then run a manual check for updates as often as you think about it. Or, use Windows Task Scheduler to run the updater executable every hour. Reputable anti virus companies include Trend Micro, Symantec, McAfee, NOD32 and AVG.
- Install a reputable anti spyware program and keep it updated as often as possible. Recommended companies include PCTools Spyware Doctor, Webroot's Spy Sweeper, Trend Micro PC-cillin, Lavasoft's Ad-Aware and anti-virus, and Spybot Search and Destroy.
- Scan for threats every day, before you get busy online, or every night, before you turn off the computer for the night.
Spyware Doctor is a multi-award winning spyware removal utility that detects, removes and protects your PC from thousands of potential spyware, adware, Trojans, keyloggers, spybots and tracking threats.
Spyware Doctor is fully capable of detecting and removing hidden processes associated with complex threats and rootkits. Such threats are otherwise difficult to remove by conventional means since they may be hidden to the operating system.
A Startup Scanner removes references to malicious programs that run at startup in the registry and Windows startup files, as well as malicious files in Windows startup locations.
State-of-the-art scanning engines, including file scan, memory scan, registry scan, browser helper objects scan, cookie scan and much more.
