"McAfee is warning file-sharers that they may be at risk due to a Trojan horse posing as an MP3 or MPEG file."
"The security firm said Tuesday that it had detected a half million instances of the malware since Friday, dubbed "Downloader-UA.h." It is calling the incident the most significant malware outbreak in three years.
A check of McAfee's virus map showed the majority of infections have occurred in the US during the past 24 hours, although high rates of infection are being reported in Mexico, Venezuela, Brazil, Australia, and much of Western Europe. It appears as if the files are located on Gnutella and Limewire under a variety of names. When loaded, the file redirects through the player to a download of a file called PLAY_MP3.exe.
Once this file loads, it shows up a EULA, and if accepted, the files "FBrowsingAdvisor" and "SurfingEnhancer" are installed. The file PlayMP3.exe is also installed, but instead of it being an actual local MP3 player, the application loads up a webpage with the Wimpy Flash MP3 player with several dozen songs available.
The two previous files are believed to load some type of adware, which instead of blocking popups like the EULA claims deliver them to the end user. McAfee rated the issue a "medium" risk, the first time its given any piece of malware such a high rating since 2005."