Microsoft Discovers New Malware Family Wimad Poses as Free Music
According to the software giant, the malware family propagates by attracting computer users with free music files. A number of malicious files have been identified circulating across the Internet with the extensions .WMA, .ASF, .MP3, and .ASX.
When a user opens any of these files in Windows Media Player, the user is led to a new address and persuaded to download a new file. These downloaded files are malicious programs, but security experts believe that this method only works with specific older editions of Windows Media Player.
Microsoft security experts have said that Adware:Win32/Playmp3z, a variant of Wimad, is known as "free music player" and can be downloaded from the website 'PlayMP3z.biz'.
Monthly detection figures for the Wimad malware family from May 2008 to April 2009 show that detections have risen at an average of around 1.5 million per month, with the highest detections recorded in December 2008 and January 2009, crossing over 2 million, said Microsoft's Malware Protection Center.
Country-wise analysis of the distribution of the Wimad malware family for 2008 highlights that the US, UK and Canada observed the highest number of attacks.
The stupendous growth of music malware is attributed to people's eagerness to get free music instead of spending money to buy it from legitimate licensed sources, as people are affected by the ongoing recession in one way or another. In such a tough time, people often try to save money, but security experts have advised them not to be lured by free online music.
In October 2008, Microsoft's Malware Protection Center discovered a malicious file, "wrar380CorporateEdition.exe", posing as a free install kit for the WinRAR archiver.
Security experts said that the malicious kit was a self-extracting installer for Cabinet (CAB) files and contained two files, "Setup_ver1.1808.0.exe" and "wrar380.Regged.exe". Both files execute automatically when the installer is run. It is said that "wrar380.Regged.exe" was WinRAR and the other file was malware. A detailed study of "Setup_ver1.1808.0.exe" shows that it was a modified version of the notorious Zlob Trojan.
» SPAMfighter News - 30-05-2009