NOD32 and Antivirus News
Threat and Security News

Fake MP3 attack hits 360,000 PCs

Wednesday, May 7. 2008


Bogus movie and song files used to spread malware.

Attackers are using fake MP3 files to launch one of the largest malware attacks in recent years, experts warned today.

The social engineering attacks purport to offer MP3 files or Mpeg movie files.

On downloading and launching the file, the user is prompted to launch an executable called 'play_mp3.exe' which installs adware.

Instead of a movie or song, the user gets a pair of adware tools for the Firefox web browser. If the user does not have Firefox installed, an error message asks the user to install the software.

McAfee researcher Craig Schmugar explained that the fake files have been traced to the fastmp3player.com domain. McAfee has detected the attacks on more than 360,000 machines, including more than 120,000 in the past 24 hours.

"This is one of the most prevalent pieces of malware in the past three years," he said. "We have never had a threat this significant that arrives as a media file."

The malware launches a multimedia tool which Schmugar described as "simply a browser control wrapped in an executable".

"In the end you are left with a fake MP3 file taking up space, a worthless MP3 player, and adware that displays popup and pop-under ads," he said.

Written by Shaun Nichols


Security Vendors Slam Defcon Virus Contest

Saturday, April 26. 2008


There will be a new contest at the Defcon hacker conference this August, one that antivirus vendors already hate.

Called Race-to-Zero, the contest will invite Defcon hackers to find new ways of beating antivirus software. Contestants will get some sample virus code that they must modify and try to sneak past the antivirus products.

Awards will be given for "Most elegant obfuscation," "Dirtiest hack of an obfuscation," "Comedy value" and "Most deserving of beer," contest organizers say.

The contest was announced Friday. Security vendors began panning it immediately, saying it will simply help the bad guys learn some new tricks.

"It will do more harm than good," said Paul Ferguson, a researcher with antivirus vendor TrendMicro. "Responsible disclosure is one thing, but now actually encouraging people to do this as a contest is a little over the top."

Some compared the contest to a controversial 2006 Consumer Reports review of antivirus software. In that article, the magazine created 5,500 new virus samples, based on existing malware, and was roundly criticized by antivirus vendors for contributing to the rapidly expanding list of known malware.

Security companies are already having a hard time keeping up with the torrent of new malware.

With antivirus vendors already processing some 30,000 samples each day, there's no need for any more samples, said Roger Thompson, chief research officer with antivirus vendor AVG Technologies. "It's hard to see an upside for encouraging people to write more viruses," he said via instant message. "It's a dumb idea."

Contest organizers say that they're trying to help computer users understand just how much effort is required to skirt antivirus products. "The point behind the contest is to illustrate that antivirus alone is not a complete defense against malware," said one of the contest's organizers, who identified himself only as "Rich," in an e-mail message.

The Race-to-Zero sponsors hope to present the contest results during Defcon, Rich said.

The contest is not organized by Defcon, but is one of the unofficial events that the show's organizers have encouraged attendees to arrange.

Defcon runs Aug. 8 to Aug. 10 at the Riviera Hotel & Casino in Las Vegas.

Written by Robert McMillan, IDG News Service


Huge Web hack attack infects 500,000 pages

Saturday, April 26. 2008

Attacks on legitimate Web domains, including some belonging to the United Nations, have expanded dramatically this week, security researchers said today. Hundreds of thousands of pages have been hacked already.

One antivirus vendor said the sites might have been compromised through a "security issue" in Microsoft Web server software that has been reported to Microsoft Corp. engineers.

On Wednesday, several security companies, including San Diego-based Websense Inc., said large numbers of legitimate sites, including ones with URLs belonging to the U.N., had been hacked and were serving up malware. Those latest compromises were only the most recent SQL injection attacks, however. Similar attacks have been launched since the first of the year and were last detected in large numbers in March.


U.N. Site Victim Of Global Malware Attack

Thursday, April 24. 2008

The United Nations and United Kingdom government Web sites have fallen victim to a widespread malware attack that has infected hundreds of thousands of legitimate sites worldwide.

Researchers at Websense Security Labs issued a security advisory on the company's Web site Tuesday warning users of the attack. Researchers first detected initial malware strains last week; however, the number of affected pages began to rise exponentially on Monday and Tuesday, Websense security experts said.

The attack is similar to many others that use legitimate Web sites to distribute malware, experts say. This time, users visiting the infected sites will unknowingly download a malicious file that attempts to deliver a combination of eight different exploits with the intention of stealthily infiltrating machines and installing information-stealing malware.


BetterAntiVirus.COM. & BETTERANTIVIRUS.COM. are a US-based reseller of Eset Software's NOD32 Solutions
BetterAntiVirus.COM. & BETTERANTIVIRUS.COM. and its contents are Copyright © 2007 - Web Your Business Inc.
NOD32USA.COM. & BETTERANTIVIRUS.COM. & Web Your Business. are trademarks of Web Your Business Inc.
All rights reserved by their respective owners.