A new type of multimedia malware is rearing its head on the web, targeting file sharers by infecting music and video files.

Secure Computing said that the attack takes a phased approach and highlights the growing complexity of today's malware.

The initial infection occurs when a user visits a 'warez' site seeking an illegal crack or serial key to run a copy-protected software program.

The user is lured into downloading a Trojan which then infects every multimedia file on their PC.

While keeping the file format in place, the Trojan converts every music and video file to a standard format and then embeds malicious code into that file.

When the user shares the files via email, transfer or a peer-to-peer network, the infected multimedia files are transferred to someone else.

When a file is opened, the media player is redirected to a malicious resource on the web to download a fake codec which then misleads the new victim into installing a password stealer.

Although complicated, this approach helps the infection to slip under the radar as the attack vector is more indirect.

Christoph Alme, team leader at Secure Computing's Anti-Malware Research Labs, told vnunet.com: "These are professional fraudsters. We are not dealing with script kiddies any more."

Some will conclude that the only people at significant risk are those seeking to crack software or illegally share copyrighted content.

But Alme warned that the scale of P2P sharing means that many users may inadvertently be at risk through the downloading of perfectly legal data through a P2P network.

"Although most of these people are taking part in illegal activities, there are many who may become unwittingly infected while doing nothing wrong," he said.

Secure Computing has urged PC owners to make sure that all security software is correctly configured and up-to-date.

Users are also advised to stay away from warez sites and to be wary of agreeing to download an unknown codec in order to play any multimedia files.