RIAA/MPAA Contractor Deploys Malicious Adware Trojans

RichardX writes "Overpeer, the organization responsible for seeding many peer to peer networks with damaged, corrupt and fake files has now found a way of hiding spyware and adware inside Windows Media files by using a DRM loophole and is using this technique to further pollute p2p networks." Several readers sent in a PCworld article on the same subject.

Re:The problem

[wolf-]

Except, that I can create a webpage with the media player embedded in it. An IE user visits, downloads the media automagically and is infected.

You may not have "intended" to infringe on CMAIAA's work, but I forced you to, or rather the browser did.

Re:I Wonder...

[Richard_at_work]

No, entrapment is enticing you into doing something you wouldnt have done without being asked. This is a sting, which the police use frequently to catch drug pushers. Basically the difference is how you received the goods, you have to make the concious decision to download that specific file, rahter than them pushing it at you. Since this file will be in amongst normal files, its a sting. If this was the only file, then it would still be a sting. If they approached you and offered you the file, its entrapment. Since you are requesting the file, its not entrapment. This is why police officers have to wait to be approached to either be sold drugs or to sell drugs (depending on if they are after the pusher or user), they cannot approach the suspect and request it. Same with prostitution, they have to play word games with the prostitute to get her to offer him services without him asking for it.

Unchecking 'acquire license...' doesn't work!

Actually, in my experience it doesn't work as intended.

I have encountered a few protected DRM files which didn't actually required any license - They just opened a webpage... And I have had this unchecked ever since I installed WMP.

However, as I don't use internet explorer, I make sure it is in 'offline mode' - This seems to stop all of this nonsense, as the internet explorer object is what WMP uses for DRM.

Proxies are another way to go about this...

In general, though, Microsoft doesn't really give you any options when a DRM'ed file is encountered - It calls the mother site no matter what options you check/uncheck in WMP itself.

How to disable

[Hoch]

If this is scripting, which it sounds like, it can easily be disabled. Disable Windows media scripting. This will disable videos from opening webpages and such. Nice. The article is vague, but this is what it sounds like. The webpages, would then load spyware through normal ie holes.

DRM & WM commands

[ermon]

WindowsMedia files have a command stream as well as audio and video streams. This command stream can do all sorts of bad things (such as open web pages) at specific points in the timeline. You can easily remove it using various windows media editing tools (and by creating a directx graph that doesn't use the connect stream). However, there are two points to remember here: 1) You can't edit a DRM-protected WM file, and therefore can't delete the stream (I think it is still possible to play it w/o the command stream, tho) 2) What seems to be going on here (according to the article) is that the DRM mechanism itself is used for the pop-ups, rather than the command stream. The way the DRM in WM acquires a license is by connecting to a licensing site and basically executing a URL - This is where the pop-ups/Xware come from, not the command stream. It is interesting to note that while WMP has an option to turn off 'automatic acquisition of licenses', in my experience that option does not prevent WMP from accessing license acquisition URLs. The only ways I found to stop WMP from doing that was to put IE in 'offline mode' and/or block the DRM URLs on a proxy server.

UK Computer Misuse Act.

[Martin+Spamer]

This like all Malware is a very clearly against the law in the UK and most of Europe. The UK Computer Misuse Act makes it a criminal offense for a person to

"causes a computer to perform any function with intent to secure access to any program or data held in any computer"
Computer Misuse Act 1990

Depending on what the Company does with the data obtained they are likely also be in breach of the Data Protection Act 1998 which allows a £5,000 fine for each person offended against.

Similar legislation exists throughout Europe as part of the Information Society Policy Framework agreement.

Re:So how..

[iminplaya]

This whole piracy thing is so silly. It's wierder than "terrorist". Both terms depend on who they are working for. If they're working for the "competition"(so to speak), they're pirates and terrorists. If they're on "our" side, they're distributors and freedom fighters. Do you know who will be the first to go out of business when P2P really takes off? The pirates. The guys out there selling millions of bootlegs. Most pirates usually sell the top 40, RIAA stuff, so they also "controlled" who was distributed, but they are the most expendable. Hell, they're off the books, so who's gonna care? Most people understand that P2P will increase record sales and concert attendance manyfold. This isn't just about money. Control plays a bigger role here. Just like both sides use terrorists in a war, both sides use pirates to distribute their wares. It seems to be mutually parasitic. What I'm trying to say here is that piracy is a diversion, a smokescreen used by those who want to control distribution of information(text, audio, video). It's little different from those who use terrorism to create unjust laws.

(kind of offtopic)
I sure wish the ptroleum industry was as concerned about the leaks in their distribution system as the content industry is about theirs.

There is a VERY easy fix

[hairyfeet]

This is NOT a problem.There is a tool out there that can disable wmp scripting ability.http://www.javacoolsoftware.com/wmpscripti ngfix I got it to get rid of those annoying pr0n scripts and have NEVER had a problem with pop-ups on wmp since.And it's free!!