Malware threat from fake MP3 files and fastmp3player.com

There is a new malware threat in the wild circulating among various file sharing networks. The threat is spread by duping file sharing users into downloading fake mp3 audio and mpeg movie files, which have very enticing filenames (some listed below in extended comments). All of these fake files have very small file sizes, which should be a giveaway that something is wrong with them. Despite that fact, almost 400,000 PCs are now infected in just a few days, after their users downloaded and opened some of these rigged files.

When a file sharing user double-clicks to play one of these files they get a surprise. Instead of seeing a movie or hearing a music file they are presented with a browser page that displays a EULA consisting of about 4800 words. The scam tells them that they must install a special media player, from fastmp3player.com - to playback the file they are trying to hear/see. Upon agreeing to the EULA the user is redirected to fastmp3player.com where a file download box appears, for a file named (at this time) "PLAY_MP3.exe." This file will install two separate adware and spyware applications; "FBrowsingAdvisor" and "SurfingEnhancer."

Apparently, in samples that have been analyzed in the last two days, these attacks are specifically designed to work in the Firefox browser. If Firefox is not found on the victim's computer, they will get a Windows error message and will be urged to download and install Firefox.

Most major anti virus and anti spyware companies can already detect and remove this threat, which has been elevated to a "medium threat" status by McAfee, for home users.

People who like to obtain copyrighted music or movies without paying a fair price for a licensed copy are left at risk from botmasters looking to increase their botnets, and criminals using affiliate programs to earn commissions for installing spyware and adware onto as many computers as possible.

What you can do to protect your computer from this threat.

Stop using file sharing programs like Limewire or Kaaza, or others, that allow people to distribute (share) copyrighted works illegally. They are riddled with malware files of all sorts. Instead, use one of the legitimate music or movie websites, like Apple's iTunes, Real Rhapsody, or Napster.

Install a modern, legitimate anti virus program that offers multiple daily updates and set it to receive automatic updates every hour. If you can't set it to an hourly schedule then run a manual check for updates as often as you think about it. Or, use Windows Task Scheduler to run the updater executable every hour. Reputable anti virus companies include Trend Micro, Symantec, McAfee, NOD32 and AVG.

Install a reputable anti spyware program and keep it updated as often as possible. Recommended companies include PCTools Spyware Doctor, Webroot's Spy Sweeper, Trend Micro PC-cillin, Lavasoft's Ad-Aware and anti-virus, and Spybot Search and Destroy.

Scan for threats every day, before you get busy online, or every night, before you turn off the computer for the night.

Trend Micro Internet Security products,

for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.