Perhaps some of you have noticed the play_mp3.exe trojan downloader pop up when trying to play a music file you have downloaded. If you were lucky, or savvy enough you cancelled the attempt and closed the browser window that opened. If not, you might want to run your anti-virus/anti spy on your music folders.

It looks like many of us have fallen for this as the search results are full of these bogus mp3 ( and probably wav) files. At first i thought the p2p interface should filter this stuff (Limewire in my case). yet clearly it did not. Why not? But wait. Limewire will give us clues and I would like to pass them on and see if we can beat this thing.

1) bit rate - a ridiculous bit rate is a clue. 64-256 is all one needs, outside of this, the file is probably corrupt or bogus or a trojan. If there is no bit rate, it is also (more) suspect. 128 bits is pretty standard high quality.

2) file size - real mp3s have file sizes around 1 megabyte per minute of length. Wmas even less. Look for reasonable file sizes for the song length.

3) hover description - if there is no detail about the artist, title, etc. it is suspect.

4) artist - if the artist is included in the title field instead of the Artist field it is suspect. True, we can name a file anything we want, but downloading from people who are sloppy about their library is risky anyway.

That's all I've got so far, but in every case that I downloaded a bogus mp3, one or more of the above was the case. For at least one search, there were no legitimate results (out of ~170), only trojans and fakes.

<-_->