The trojan spreads through peer-to-peer file sharing networks, where users download files (going by a variety of names) that are disguised as MP3s or MPGs. Instead of containing music or video, these files simply direct the user to a web page from which, they are promised, they can download a free media player.
They will then install the play_mp3.exe executable, which, when run, installs the Downloader-UA.h downloader. Oddly, the user is also shown, and asked to accept, a lengthy license agreement permitting the installation of the adware programs "SurfingEnhancer" and "FBrowsingAdvisor" onto the user's PC.
Once installed, the play_mp3.exe file can perform a number of malicious activities, including displaying adware, installing unwanted programs, hijacking the user's system and communicating with third parties. The promised media player then turns out to be a web-based player which offers only a limited range of saved tracks.
As a note on naming, trojans may exist in different versions, each with a different name and possibly slightly different behavior. These versions are called strains, and trojans and their strains can also be grouped into families. Play_mp3.exe (and its over 220 alternatively named strains) is part of the Downloader-UA.h downloader, Trojan.AdClicker, and Adware Generic2.AARK families.
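A triage check for the disguise described above, flagging files whose name claims MP3 or MPG while the leading bytes say otherwise. This is an added example, not code from the original article; the file names and byte strings are constructed, and the article does not state what format the disguised files actually used, so the executable and ASF cases are assumptions chosen for illustration.

```python
import os

# ASF header object GUID (WMA/WMV container) as stored on disk.
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
CLAIMS = {".mp3": "mp3", ".mpg": "mpg", ".mpeg": "mpg"}

def is_mpeg_audio_frame(h: bytes) -> bool:
    """Validate a 4-byte MPEG audio frame header, rejecting reserved field values."""
    if len(h) < 4 or h[0] != 0xFF or h[1] & 0xE0 != 0xE0:
        return False  # no 11-bit frame sync
    version, layer = (h[1] >> 3) & 3, (h[1] >> 1) & 3
    bitrate, rate = h[2] >> 4, (h[2] >> 2) & 3
    return version != 1 and layer != 0 and bitrate != 15 and rate != 3

def sniff(data: bytes) -> str:
    """Classify content from its leading bytes only."""
    if data[:3] == b"ID3" or is_mpeg_audio_frame(data[:4]):
        return "mp3"  # ID3v2 tag or a bare audio frame
    if data[:4] in (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"):
        return "mpg"  # program stream pack header / video sequence header
    if data[:2] == b"MZ":
        return "exe"  # DOS/PE executable
    if data[:16] == ASF_GUID:
        return "asf"
    return "unknown"

def check(name: str, data: bytes):
    """Return a finding if the extension claims MP3/MPG but the content disagrees."""
    claimed = CLAIMS.get(os.path.splitext(name.lower())[1])
    actual = sniff(data)
    if claimed is None or actual == claimed:
        return None
    return f"{name}: extension claims {claimed}, content looks like {actual}"

# Constructed header bytes for illustration; not taken from real samples.
SAMPLES = {
    "track01.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10,
    "track02.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 32,
    "clip.mpg": b"\x00\x00\x01\xba" + b"\x00" * 16,
    "free_hit_song.mp3": ASF_GUID + b"\x00" * 16,
    "new_video.mpg": b"MZ\x90\x00" + b"\x00" * 16,
}

def scan(samples: dict) -> list:
    """Collect findings for every sample whose name and content disagree."""
    return [f for f in (check(n, d) for n, d in samples.items()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

A matching header only shows that the file starts like the claimed media type; the mismatch is the signal worth acting on.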
This article uses material from the Wikipedia article Play mp3.exe, that was deleted or is being discussed for deletion, which is released under the Creative Commons Attribution-ShareAlike 3.0 Unported License.