9 May 2008

Half-a-million computers infected with malware

Experts are warning internet users to be on their guard after more than half a million computers were infected with a single piece of malicious software.

In just seven days more than 530 000 instances of a single booby-trapped file have been spotted by analysts at internet security company McAfee, leading them to claim it is the biggest outbreak for several years.

The program works by posing as an ordinary media download, piggybacking on the draw of movies such as the recent St Trinian’s film or pop acts such as Girls Aloud. Instead of finding the video or song they are expecting, however, victims are fooled into infecting their computers with a secret program which then bombards them with adverts.

Toralv Dirro, a security strategist at McAfee’s Avert Labs, said it was the most successful piece of malicious code in three years — but that things could have been much worse. “We’re lucky that this is relatively benign,” he said. “We’re worried that other people might use the same system to seed a more damaging piece of malware — it may be a precedent that is used by somebody else.”

The technique, known as a Trojan horse, is common, but the latest variant appears to have been more successful than many of its counterparts. This could be because it was first planted on huge filesharing networks such as eDonkey and Limewire, which are used by millions of people to share music, movies and video files.

“It’s pretty much impossible for us to find out where it was injected into the system, or track it back to find out who is benefiting,” admitted Dirro. “At the moment we have no idea who is responsible, and this is data we cannot easily get.”

Filesharing sites are a regular haunt for the writers of malicious software, but have also been used by some media companies to catch illegal downloaders in the act.

Last year a US company, MediaDefender, was discovered to be deliberately seeding popular networks with poor-quality videos and decoy music files in an attempt to reduce the popularity of peer-to-peer systems. But Dirro said that there was no indication the latest outbreak was the result of such action. “Most likely it is somebody involved in the advertiser’s affiliate programme, and they make some small amount of money every time the software is installed,” he said. – guardian.co.uk