Hopefully people have seen this, but it's worth posting:
Hundreds of thousands of examples of a new Trojan that poses as a media file have flooded onto P2P networks.
Since Friday 2 May more than half a million instances of the Trojan have been detected on consumer PCs, according to net security firm McAfee. The anti-virus firm reports the spread of the Downloader-UA.h Trojan as the most significant malware outbreak in the last three years.
Source: TheRegister
Source: McAfee
What's interesting about this is that I came across this "new" idea in a post by ISS (dated 29th April), which you can see here
While the above post talked about .ASF files, all the bad guys have done is rename the .asf files to .mp3... Windows Media Player just reads the metadata in the header and runs the script :(
SaneSecurity ClamAV generic detection was added on 30th April 2008 for this new idea, and so I was interested to find that these "new" mp3s McAfee are talking about are found using the same generic signature :)
Note: You must be using ClamAV v0.93 to be able to detect this.
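The renaming trick described above can be spotted by looking at content rather than the file name. The following is an added example, not code from this post, ClamAV or SaneSecurity: it checks whether a file named .mp3 actually begins with an ASF Header Object and walks that header's objects. Which header object carries the script is not stated in the post, so flagging the ASF Script Command Object is an assumption, and the function names and the sample bytes are constructed for illustration.

```python
import struct
import uuid

# GUIDs from the ASF specification; on disk they are stored in bytes_le order.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le


def asf_header_objects(data: bytes) -> list:
    """Return the GUIDs of the objects inside the ASF Header Object ([] if not ASF)."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return []
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))
    offset, found = 30, []  # 16 GUID + 8 size + 4 object count + 2 reserved
    for _ in range(count):
        if offset + 24 > end:  # truncated header
            break
        (size,) = struct.unpack_from("<Q", data, offset + 16)
        if size < 24:  # malformed size would stall the walk
            break
        found.append(data[offset:offset + 16])
        offset += size
    return found


def check_media_file(name: str, data: bytes) -> dict:
    """Compare the claimed extension with what the leading bytes really are."""
    is_asf = data[:16] == ASF_HEADER
    return {
        "is_asf": is_asf,
        "mismatch": is_asf and name.lower().endswith(".mp3"),
        "script_command": ASF_SCRIPT_COMMAND in asf_header_objects(data),
    }


def build_sample() -> bytes:
    """Constructed sample: minimal ASF header with one empty Script Command Object."""
    body = ASF_SCRIPT_COMMAND + struct.pack("<Q", 24)
    return ASF_HEADER + struct.pack("<QIH", 30 + len(body), 1, 0x0201) + body


if __name__ == "__main__":
    print(check_media_file("song.mp3", build_sample()))
```

A real MP3 starts with an ID3 tag or an MPEG frame sync, so it never matches the ASF header GUID and is reported with `mismatch` set to False.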