Security vendor Secure Computing is warning in an advisory that the initial infection comes from a pirate software site -- known as a warez site -- where users go looking for an illegal crack or serial key to run copy-protected software.
According to the advisory, when attempting to run infected files, the user is fooled into believing a codec is needed to play back the content.
When downloading the fake codec, the user installs malware, which embeds malicious content into multimedia files such as MP3, WMA music files, WMV video files, and others.
Eric Krieger, manager at Secure Computing, said that one of the infected MP3 files includes music from 1970s rock group Queen's Greatest Hits album.
“The bottom line is you shouldn't be looking to download the codec, that's the major thing, and once you have it installed it injects the command and causes the WMP to redirect,” said Krieger.
When the user plays any infected files, no sign of compromise will show up and they will never know they've been infected, warned Secure Computing.
When a user then shares a file via email or a P2P site, those infected multimedia files are then transferred to someone else.
“It's not a Windows issue, it's an MP3 issue and you need to update your anti-virus signature to stay protected," Krieger said. "It's just something that users have to be aware of."