Almost 500,000 people have been caught out by a booby-trapped media file, says security firm McAfee.
The fake file poses as a music track, short video or movie and has been widely seeded on file-sharing networks to snare victims.
McAfee said the fake media file outbreak was the largest it had seen for about three years.
Those running the fake file get bombarded with pop-up ads and risk compromising the safety of their PC.
The fake file or trojan has been widely distributed on the eDonkey and Limewire file-sharing networks.
The file has many names and is written in different languages to trick people into downloading it.
The titles make the file appear to be music tracks, pornography and full versions of popular movies.
Anyone downloading the trojan and trying to run it is asked to install a codec that will play the supposed media.
Instead of playing the media, running the file installs a bundle of adware that plagues a user with pop-ups.
Included in the bundle is an MP3 media player that will only play the tracks included with it.
McAfee said seeing such a large outbreak was rare because hi-tech criminals typically prefer to target their malicious creations to keep numbers manageable and to avoid detection.
In the last seven days McAfee said the trojan had been found on more than 500,000 of the PCs that notify the company when a malicious file is downloaded.
It added that, so far, only 10% seem to have gone as far as to install the fake codec and be plagued with pop-ups.
Other security companies have seen the trojan but not in such large numbers as McAfee.
Only those using Windows are vulnerable to the malicious program.
McAfee urged users to update their security software and to be wary when using file-sharing networks.