RIAA/MPAA Contractor Deploys Malicious Adware Trojans
RichardX writes "Overpeer, the organization responsible for seeding many peer to peer networks with damaged, corrupt and fake files has now found a way of hiding spyware and adware inside Windows Media files by using a DRM loophole and is using this technique to further pollute p2p networks." Several readers sent in a PC World article on the same subject.
Isn't that blatantly illegal?
"Remember, there never were pineapple-almond cookies here."
If they can do it, so can any hacker/cracker/virus writer. That's a good enough reason to never touch DRM inflicted Microsoft media files.
- For the complete works of Shakespeare: cat
why people trust wmv files when this can happen. Combine it with some ie security holes and you got a real problem. It'd be pretty easy to create a p2p wmv worm that infects the entire network.. no?
-- these are only opinions and they might not be mine.
It seems anyone the least bit concerned about DRM/sharing/etc wouldn't be using windows media anyway.
Sweet informative mod.
One more reason not to use Windows Media. How many do you need?
Now your DRM can be used a weapon against you, how do you feel about that?
~ I am logged on, therefore I am.
With tactics like this I hope they don't wonder why people don't feel sorry for them.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
The problem is that the only people with standing to make a legal complaint about this practice (i.e., sue them) are people who have downloaded the files and had damages caused to them from the spyware being installed.
However, at the same time, said people are admitting in court that they downloaded (or attempted to download) media for which they didn't hold the copyright.
One possible way around this is if someone already has purchased the CD/DVD and wanted to download a copy so they could archive the original (because they have CD/DVD hardware that couldn't rip the original to disk). Of course, this idea has not been tested in court, and would probably be a protracted and expensive battle to fight.
The people who should be getting pissed about this is MS; I don't think they will like it when WMA becomes like IE, known for giving you adware and viruses when used.
A copyright holder's agent (RIAA) offered it for download. Perfectly legit I would say.
A failed business model is one that fails to generate a profit. If no one paid for CDs at their current price, but everyone downloaded them, that would not mean people are "too cheap," it just means that the demand for CDs only exists at a lower price point than the supplier is trying to sell them at. If the prices are lowered, sales would increase.
Of course, if there is an easy way to get a product free, people are unlikely to demand it at any price other than free, and so the business will fail unless it can either stop the free distribution of its products, or start selling products that are more difficult to distribute for free.
Under these criteria, the model of selling content that is easily obtainable for free IS destined to fail, whether demand exists or not, since the demand exists at a price point (free) that is by definition unable to generate profits. This is why these organizations are so afraid of filesharing. They can't figure out a way to maintain their current business model, and they haven't figured out a viable alternative business model, in the presence of filesharing.
However, they do have all right to do this in some respects. They are putting up crap on a P2P network, just like any other idiot. Still, what gets to me is the system in general. When a lone hacker writes a virus, he gets jail time. When a corporation writes a virus...
But then, what should P2P users do? If they're so serious about P2P, they'll either take the risk or find a new way of sharing files that finds the trojans and whatnot.
Although really, I'm surprised the government isn't stepping in right abou... Wait, never mind.
No, really. It's like peeing in your own pool. You need DRM in order to sell music to people and to "control the rights". But at the same time, they're using DRM to attack people who are outside the system. So it kind of makes you feel unsafe about using DRM in the first place. Life is better outside of the DRM system.
BTW, I remembered the option for something like "automatically download rights management software" when installing Windows Media Player, what, 10 is it now? I hesitantly clicked yes. Now that I've done so, I can't find an option inside of the program to say no. Odd.
What many of you seem to fail to realize is that the purpose of this has nothing to do with actually damaging computers. Rather, what the recording industry is trying to do is stop people from using P2P. And they do this through fear. That's why they do the suing (your chances of getting sued are minimal, but plenty of people get scared and stop downloading). Now, plenty of morons (for who else would this tactic work on?) will hear that downloading music can give you viruses and adware - rumors will fly wildly.
At least, that's their hope. We'll see whether it works.
No kidding. I mean, for one thing, by the time the movie is in the theater, the painters and the stuntmen had best already have been paid. For another thing, with all the piracy that's been going on, if it was hurting the business so much that they couldn't pay the painters and the stuntmen, then there wouldn't be movies opening every week.
And yet, checking the local theater listings....
Yeah, piracy is bad. Not BAD, in all caps. Not Bad, with a capital B. But bad. But what the RIAA and MPAA are doing here is worse. It's sleazy, underhanded crap, and if a private citizen did shit like this, the hammer of the judicial system would get dropped on them in a heartbeat.
Kierthos
Mr. Hu is not a ninja.
n.
The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
How is what the **AA are doing (hacking into music downloaders' computers and installing malware to further their cause against piracy) any different?
If this is the way they think they must do business, let's give 'em h*ll!
The Hacker's Guide To The Kernel: Don't panic()!
The media may be convinced that p2p is synonymous with illegal activity, but they love scaring viewers by "exposing" crimes that may be happening in your neighborhood! Right next door!
However, the "average user" is much more concerned with their pocketbook than with nebulous notions such as "intellectual property" and "digital rights management". When I bring up the subject to family members, friends and students, their eyes just sort of glaze over. I honestly don't think the average person gives a shit about copyright. The only people who care are those who make money by creating copyrighted works, and those who market/produce/protect those works.
At the high school where I teach and do tech support, the first RIAA lawsuits a few years ago sent a number of students and teachers scurrying to me to see if they might be in trouble for downloading music. My two favorites were the stoner kid who didn't realize he was sharing 4000+ songs on Kazaa, and the evangelical principal who subscribed to Roadrunner for the sole purpose of downloading Christian music (illegally).
The RIAA/MPAA fight is not one that they can ultimately win, because the rules have changed with the ease of copying. They should really look to the model that Scott Kurtz of PVP and Epitonic - give the content away as a means of promotion, then make your money selling related items such as t-shirts, books, concerts, etc. Sure, books and videos can also be pirated, but until they're as easily accessible as music is via an iPod or something similar, there's still money to be made. Hell, most bands make their money on tour from t-shirt sales.
Anyway, don't think for a second that the "average user" thinks p2p is "wrong" - most users I've encountered are just annoyed that it isn't easier to find things.
First they ignore you, then they laugh at you, then they fight you, then you win. -- Gandhi
The problem is that the difference between a trojan and legit adware is that legit adware is backed by a company that can sue an anti-virus company. The two can be identical in every other way.
The one thing that I find strange about this story is that try as I may, I can't seem to find any information from the "usual" security sources about exactly how this works--as far as I can recall, bugtraq and full-disclosure haven't touched these. Moreover, the only articles about this are the p2pnet one and the PC World one--and the former appears to be derived from the latter.
Both articles are also oddly vague--"security experts" are mentioned, but no specific names dropped, and there are no technical details given at all.
Can anyone provide independent confirmation of this? In particular, if you have details of how one can embed executable code in a wma or provide a sample of such code, please send them my way via brendandg [at] colby.tjs.org
Actually I think it's a great idea. We've had problems with break-ins in our neighborhood. Been hit twice the past two years, and nearly every neighbor has been hit too. Police dept says they can't do much about it.
So how about we set a stereo system out on the front porch and shoot the thief when he sets foot on our property? Like hell they're gonna steal my music!
When recording industries become vigilantes and the justice dept looks the other way, it certainly makes it acceptable for the rest of us. Road rage justice (I just DARE you to cut me off), merchants hanging shoplifters, etc. all is acceptable now. Even more interesting is that the punished party may not necessarily be the owner of the affected PC. Imagine Best Buy rent-a-cops torching your apartment building because they're getting even with you for shoplifting some CDs. So what if the building is owned by someone else? If the RIAA can torch anyone's PC if it has an infected file, it legitimizes any business coming after any property associated with any crime.
Quite a monster you've created, Justice.
An ad paid for by the same movie companies that put the painter and stuntman out of work by producing as many movies as possible outside the United States. They don't shoot movies in Toronto because of its wonderful year-round climate.
Mea navis aericumbens anguillis abundat
<sarcasm mode></sarcasm mode>
As sad as it is, all that really happened...
You don't have to be even mildly coherent to understand why people are downloading/trading movies.
Especially since M$ has been wooing Hollywood into their DRM WMA/V format for years now. Hollywood was reluctant about M$ owning the gateway to entertainment, and now they just pissed off the supplier. That's a bad business move, both parties lose. Now that M$ has "tightly integrated" WMP into the OS, they suddenly have a file format that is vulnerable to malware. WMA/V may join the corporate banned attachment list whose extensions end with exe, bat, pif, and so on.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
I must admit I was tempted to install Kazaa and search for and download the file mentioned in PC World's article, just so I could tell my state attorney general they tried to hack my computer. I finally decided it wasn't worth the hassle and potential media attention though. :)
I should note that given their current actions I don't trust them so I used a disposable address from Spam Gourmet to send from and only signed my first name. Maybe I'm paranoid, but I figure any company who thinks it's OK to basically attack other people's computers in the name of stopping P2P just can't be trusted to know both my full name and state.