Play_mp3.exe is a trojan horse. It is an executable file downloaded from a website which promises the user a free MP3 or MPG player. The trojan Spreading through peer-to-peer file sharing networks, users download files (going by a variety of names) which are disguised as MP3s or MPGs. Instead of sharing music or video these files simply direct the user to a web page from where, they are promised, they can download a free media player. They will then install the play_mp3.exe executable, which, when run, installs the Downloader-UA.h downloader. Oddly the user is also shown, and asked to accept, a lengthy license agreement permitting the installation of the adware programs "SurfingEnhancer" and "FBrowsingAdvisor" onto the user's PC. Unwanted consequences Once installed the play_mp3.exe file can perform a number of malicious activities including displaying adware, installing unwanted programs, hijacking the user's system and communicating with third parties. The promised media player then turns out to be a web-based player which offers only a limited range of saved tracks. As a note on naming, trojans may have different versions of themselves, each with a different name and possibly slightly different behavior. These various versions are called strains, and trojans and their strains can also be grouped into families. Play_mp3.exe (and its over 220 alternatively named strains) are part of Downloader-UA.h downloader, Trojan. AdClicker, and Adware Generic2.AARK families.
|