Free MP3 anyone? Advertisements like this have been scattered throughout the internet, only most sites, like the one shown below, give you more than just MP3s. Instead, they give you a bucketload of malware downloaders.
Here is a snapshot of the website as promised…I won’t show any of the URLs for obvious reasons…
Upon viewing the site and searching for MP3s like the ones in the snapshot above, the site says that you need its plug-in (Fastmp3_Setup.exe) in order to download MP3s from the site.
Once Fastmp3_Setup.exe is executed, the cycle of “download and execute” begins, and it continues until the system has been infected with a bunch of malware. Fortunately for Trend Micro customers, most of the files used here are already detected, including the one that started it all, Fastmp3_Setup.exe. See below for a list of the malware downloaded and the corresponding detection names.
- http://[blocked]com.ar/Fastmp3_Setup.exe TROJ_DLOADER.GXW
- http://[blocked]com.ar/1.exe TROJ_MONDO.AF
- http://[blocked]com.ar/inst.exe TROJ_SMALL.DTH
- http://[blocked]com.ar/install.exe TROJ_DLOADER.FYG
- http://[blocked]com.ar/vig.exe TROJ_HIDEPROC.G
- http://[blocked]fic.com/loadadv559.exe TROJ_SMALL.DTI
- http://[blocked]fic.com/vv815.exe TROJ_ADLOAD.RU
- http://[blocked]fic.com/install.exe TROJ_DLOADER.FYG
- http://[blocked]s.com/si.exe TROJ_REQLOOK.AE
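The “download and execute” chain above has a recognisable shape in proxy logs: one client fetches several distinct executables from one or two hosts within a couple of minutes. The following script is an added example, not code from the original post or from Trend Micro, that shows one way to pick that pattern out of a proxy log. It combines a watchlist of the distinctive file names from the list above (the redacted hosts are replaced by placeholder names, since the post does not give them) with a burst heuristic that flags any client downloading three or more distinct .exe files inside a five-minute window. The log lines and the log format are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log (not from the original post). The hosts are
# placeholders because the post redacts the real domains; client 10.0.0.5
# reproduces the downloader chain, client 10.0.0.9 is benign traffic.
SAMPLE_LOG = """\
2006-12-14 10:01:02 10.0.0.5 GET http://blocked-a.example/Fastmp3_Setup.exe 200
2006-12-14 10:01:40 10.0.0.5 GET http://blocked-a.example/1.exe 200
2006-12-14 10:01:55 10.0.0.5 GET http://blocked-a.example/inst.exe 200
2006-12-14 10:02:10 10.0.0.5 GET http://blocked-b.example/loadadv559.exe 200
2006-12-14 10:02:31 10.0.0.5 GET http://blocked-b.example/vv815.exe 200
2006-12-14 10:05:00 10.0.0.9 GET http://cdn.example/app_update.exe 200
2006-12-14 10:06:12 10.0.0.9 GET http://news.example/index.html 200
"""

# Assumed log layout: "<date> <time> <client> GET <url> <status>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<client>\S+) "
    r"GET (?P<url>\S+) (?P<status>\d{3})$"
)

# Distinctive file names from the post's list. Generic names such as 1.exe,
# inst.exe and install.exe are deliberately left out: without the (redacted)
# host they would match legitimate downloads too.
WATCHLIST_FILENAMES = {
    "Fastmp3_Setup.exe", "Fastmp3_Setup1.exe",
    "loadadv559.exe", "vv815.exe", "vig.exe", "si.exe",
}


def parse_line(line):
    """Turn one log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "client": m["client"],
        "url": m["url"],
        "filename": m["url"].rsplit("/", 1)[-1],
        "status": int(m["status"]),
    }


def find_indicator_hits(events):
    """URLs whose final path component is on the watchlist, in log order."""
    return [e["url"] for e in events if e["filename"] in WATCHLIST_FILENAMES]


def find_download_chains(events, window=timedelta(minutes=5), threshold=3):
    """Per client, report the first run of >= threshold distinct successful
    .exe downloads whose timestamps all lie within `window` of the run's
    first download. Returns {client: [urls in the run]}."""
    by_client = defaultdict(list)
    for e in events:
        if e["status"] == 200 and e["filename"].lower().endswith(".exe"):
            by_client[e["client"]].append(e)

    chains = {}
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            run = [x for x in evs[i:] if x["ts"] - start["ts"] <= window]
            urls = []
            for x in run:              # keep order, drop repeat fetches
                if x["url"] not in urls:
                    urls.append(x["url"])
            if len(urls) >= threshold:
                chains[client] = urls
                break
    return chains


def analyze(log_text, **kw):
    """Run both checks over a block of log text."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "indicator_hits": find_indicator_hits(events),
        "chains": find_download_chains(events, **kw),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for url in result["indicator_hits"]:
        print("watchlist hit:", url)
    for client, urls in result["chains"].items():
        print(f"suspected downloader chain from {client}: {len(urls)} executables")
        for url in urls:
            print("   ", url)
```

The burst heuristic is the part that keeps working after the file names change: a downloader that pulls half a dozen executables in a minute looks the same whatever it is called, whereas the watchlist only catches the samples already listed. Tune `window` and `threshold` against your own baseline, since software updaters can legitimately fetch a few executables in a row.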
These files aren’t detected, not yet anyway. But I have already given them to the service team, and they will soon be given their detection names.
- http://[blocked]fic.com/inst.exe
- http://[blocked]com.ar/Fastmp3_Setup1.exe
- http://[blocked]fic.com/1.exe
Update (Jhoevine Capicio, Fri, 15 Dec 2006 07:30:35 AM)
The files below will be detected as:
- http://[blocked]fic.com/inst.exe TROJ_DLOADER.EXJ
- http://[blocked]com.ar/Fastmp3_Setup1.exe TROJ_DLOADER.ELU
- http://[blocked]fic.com/1.exe BKDR_SMALL.EIS
Checking further into this site, this is slowly becoming another LinkOptim thing: more and more trojans are being downloaded.
Ultimately, the goal of this site became clear, as pretty soon I was seeing spam in the network environment.
Below is a sample email.
Like I said above, malware authors just love users who are easily fooled by their social engineering tactics. They see them as paychecks waiting to be cashed in!
We’ll update this blog as more information is found.