File sharing infects 500,000 computers

McAfee has reported what it claims is the most significant malware outbreak in three years, with more than 500,000 detections of a Trojan horse which masquerades as a media file.

A number of fake video and music files have been deliberately spread over peer-to-peer file sharing services like Limewire and eDonkey. These were malicious MP3 and MPEG files triggering the download of an application which served ads to the infected computer.

"People were downloading these files hoping it was music, but it was a media file format that allowed you to link to another site where you downloaded additional files," said Toralv Dirro, security strategist at McAfee Avert Labs.

"Those files downloaded turned out to adware that in some cases even asked the user to accept an end user licence agreement prior to installing."

McAfee saw this as 'medium' risk, with no other malware receiving that risk rating since 2005 as all others were rated less severe.

The security vendor claimed that it was the most prevalent piece of malware in the last three years, and that it had never seen a threat this significant come as a media file.

The huge figure came from retail users that had the option to submit data on what viruses and adware was detected on their computer to McAfee and made publicly available.

Dirro said: "We are currently seeing that the distribution is still going on. It is now at about 580,000 where files have been detected, so people are continuing to download and share these files."

The strategist said that these only reported the incidents that were actually detected, and the real number of users and computers affected would be much higher.

He said that although the damage in this case was not too serious as it was only adware, it could have been much worse and what McAfee were now afraid of in the future was attackers with a more sinister agenda.

"They could try and copycat this attempt as they have seen it is a very successful way to distribute malware," Dirro said. "In the future we are pretty much expecting this distribution method a lot more."

Dirro said that instead of pointing to adware, it could lead users to spyware which would instead try to steal people's data. Instead of being a multimedia file it could take the form of a directly executable one.

"It has happened in the past, but not anywhere close to this scale," Dirro said of the peer-to-peer nature of the attack.