RIAA/MPAA Contractor Deploys Malicious Adware Trojans
RichardX writes "Overpeer, the organization responsible for seeding many peer to peer networks with damaged, corrupt and fake files has now found a way of hiding spyware and adware inside Windows Media files by using a DRM loophole and is using this technique to further pollute p2p networks." Several readers sent in a PCworld article on the same subject.
exactly are they getting away with this?
I'm not the devil.. just his advocate.
Isn't that blatantly illegal?
"Remember, there never were pineapple-almond cookies here."
High that explains why that Jessica Simpson song I downloaded suddenly made my head explode. :-)
Hack it so that it sends out complaint emails to RIAA and DOSes the RIAA website. Also make it crawl and fill out any RIAA forms on the website. Use random algorithms so they can only statistically cut down on the traffic.
If they can do it, so can any hacker/cracker/virus writer. That's a good enough reason to never touch DRM inflicted Microsoft media files.
- For the complete works of Shakespeare: cat
why people trust wmv files when this can happen. Combine it with some ie security holes and you got a real problem. It'd be pretty easy to create a p2p wmv worm that infects the entire network.. no?
-- these are only opinions and they might not be mine.
It seems anyone the least bit concerned about DRM/sharing/etc wouldn't be using windows media anyway.
Sweet informative mod.
One more reason not to use Windows Media. How many do you need?
Now your DRM can be used as a weapon against you, how do you feel about that?
~ I am logged on, therefore I am.
People and companies that see their lucrative source of income starting to dwindle get desperate. Desperate companies (SCO) and organizations (RIAA, MPAA) make drastic moves, and those drastic moves are always overhanded.
record companies employ illegal tactics to enforce their view of the world, especially when they think they see recognizable dips in their revenue. Never mind that they're not actually losing money - the perception of loss is all it takes.
right now they're saying to themselves (as justification for illegal activities) "desperate times call for desperate measures".
These are not desperate times, and those are overly-desperate measures. They're weak, and owned by the music, not the other way 'round.
I don't know, the MPAA and RIAA have done a pretty good job of convincing the public that pirating music and movies is basically the same as grand theft, and therefore perpetrators deserve everything they get. They have been remarkably devious in their propaganda.
For example: My son watches a lot of Disney Channel, and on that channel there is an animated show called the Proud Family. On this show, about a year or so ago, there was an episode that involved the daughter of the family downloading music. It was 100% blatant propaganda, complete with the corner record store going out of business, and people there losing their jobs, because she downloaded music. It truly made me sick to my stomach that such ridiculous propaganda was being so shamelessly peddled directly to children.
The "average user," and especially the media, is already convinced that p2p is synonymous with illegal activity, so this is unlikely to raise much of an uproar outside of the geek and college student communities.
The problem is that the only people with standing to make a legal complaint about this practice (i.e., sue them) are people who have downloaded the files and had damages caused to them from the spyware being installed.
However, at the same time, said people are admitting in court that they downloaded (or attempted to download) media for which they didn't hold the copyright.
One possible way around this is if someone already has purchased the CD/DVD and wanted to download a copy so they could archive the original (because they have CD/DVD hardware that couldn't rip the original to disk). Of course, this idea has not been tested in court, and would probably be a protracted and expensive battle to fight.
A copyright holder's agent (RIAA) offered it for download. Perfectly legit I would say.
A failed business model is one that fails to generate a profit. If no one paid for CDs at their current price, but everyone downloaded them, that would not mean people are "too cheap," it just means that the demand for CDs only exists at a lower price point than the supplier is trying to sell them at. If the prices are lowered, sales would increase.
Of course, if there is an easy way to get a product free, people are unlikely to demand it at any price other than free, and so the business will fail unless it can either stop the free distribution of its products, or start selling products that are more difficult to distribute for free.
Under these criteria, the model of selling content that is easily obtainable for free IS destined to fail, whether demand exists or not, since the demand exists at a price point (free) that is by definition unable to generate profits. This is why these organizations are so afraid of filesharing. They can't figure out a way to maintain their current business model, and they haven't figured out a viable alternative business model, in the presence of filesharing.
However, they do have all right to do this in some respects. They are putting up crap on a P2P network, just like any other idiot. Still, what gets to me is the system in general. When a lone hacker writes a virus, he gets jail time. When a corporation writes a virus...
But then, what should P2P users do? If they're so serious about P2P, they'll either take the risk or find a new way of sharing files that finds the trojans and whatnot.
Although really, I'm surprised the government isn't stepping in right abou... Wait, never mind.
When is spyware a virus? Don't ask your average anti-virus vendor. When I tried to nail down Sophos on this issue they were evasive - to say the least.
If this trojan is killed by an anti-virus program, is it securing your machine or committing an illegal act? I had this very discussion w/Sophos' techs. I had just cleaned the VX/2 trojan out of a computer - and it took HOURS of work to get it fully out of there. I sent a sample to Sophos and they told me that it was legal adware.
My question was obvious: What methods are allowable for adware, and how is that any different than a virus/trojan.
VX/2 was installed on one of my workstations here through a fault of the OS (unpatched at the time). It installed itself without permission. It left no way to uninstall it. It attempted to shut down Adaware and resisted any attempts to kill it.
So.... THIS ISN'T A VIRUS? Then what the hell is?
And so, overpeer's actions come as no big surprise to me. And I have no doubt that the anti-virus people will continue to turn a blind eye because of their FEAR of a lawsuit.
Damnit, don't we PAY THEM to protect us against this sort of thing?
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
No, really. It's like peeing in your own pool. You need DRM in order to sell music to people and to "control the rights". But at the same time, they're using DRM to attack people who are outside the system. So it kind of makes you feel unsafe about using DRM in the first place. Life is better outside of the DRM system.
BTW, I remembered the option for something like "automatically download rights management software" when installing Windows Media Player, what, 10 is it now? I hesitantly clicked yes. Now that I've done so, I can't find an option inside of the program to say no. Odd.
What many of you seem to fail to realize is that the purpose of this has nothing to do with actually damaging computers. Rather, what the recording industry is trying to do is stop people from using P2P. And they do this through fear. That's why they do the suing (your chances of getting sued are minimal, but plenty of people get scared and stop downloading). Now, plenty of morons (for who else would this tactic work on?) will hear that downloading music can give you viruses and adware - rumors will fly wildly.
At least, that's their hope. We'll see whether it works.
This is pretty old and not a 'binary-payload' issue with WMA files, more of a good old IE flaw. Windows media format has the ability to launch a web-page from a media file (I think it actually forces IE, not your default browser which is a violation of the anti-trust crap). Obviously this is just an instruction in the file and a patch could pretty easily turn it off, once the page is opened (in our favourite browser) the sky's the limit. You could also disable this by filtering all windows media files through some program that took out the call, if anyone knows of the program or file format that would be cool?
Obviously no one with any know-how actually uses this format, but sometimes the file you want is in it, just be sure to play WMV/A files offline until you find a patch for Windows media player.
This comment does not represent the views or opinions of the user.
n.
The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
How is what the **AA are doing (hacking into music downloaders' computers and installing malware to further their cause against piracy) any different?
If this is the way they think they must do business, let's give 'em h*ll!
The Hacker's Guide To The Kernel: Don't panic()!
The media may be convinced that p2p is synonymous with illegal activity, but they love scaring viewers by "exposing" crimes that may be happening in your neighborhood! Right next door!
However, the "average user" is much more concerned with their pocketbook than with nebulous notions such as "intellectual property" and "digital rights management". When I bring up the subject to family members, friends and students, their eyes just sort of glaze over. I honestly don't think the average person gives a shit about copyright. The only people who care are those who make money by creating copyrighted works, and those who market/produce/protect those works.
At the high school where I teach and do tech support, the first RIAA lawsuits a few years ago sent a number of students and teachers scurrying to me to see if they might be in trouble for downloading music. My two favorites were the stoner kid who didn't realize he was sharing 4000+ songs on Kazaa, and the evangelical principal who subscribed to Roadrunner for the sole purpose of downloading Christian music (illegally).
The RIAA/MPAA fight is not one that they can ultimately win, because the rules have changed with the ease of copying. They should really look to the model that Scott Kurtz of PVP and Epitonic - give the content away as a means of promotion, then make your money selling related items such as t-shirts, books, concerts, etc. Sure, books and videos can also be pirated, but until they're as easily accessible as music is via an iPod or something similar, there's still money to be made. Hell, most bands make their money on tour from t-shirt sales.
Anyway, don't think for a second that the "average user" thinks p2p is "wrong" - most users I've encountered are just annoyed that it isn't easier to find things.
First they ignore you, then they laugh at you, then they fight you, then you win. -- Gandhi
The problem is that the difference between a trojan and legit adware is that legit adware is backed by a company that can sue an anti-virus company. The two can be identical in every other way.
The one thing that I find strange about this story is that try as I may, I can't seem to find any information from the "usual" security sources about exactly how this works--as far as I can recall, bugtraq and full-disclosure haven't touched these. Moreover, the only articles about this are the p2pnet one and the PC World one--and the former appears to be derived from the latter.
Both articles are also oddly vague--"security experts" are mentioned, but no specific names dropped, and there are no technical details given at all.
Can anyone provide independent confirmation of this? In particular, if you have details of how one can embed executable code in a wma or provide a sample of such code, please send them my way via brendandg [at] colby.tjs.org
Actually, in my experience it doesn't work as intended.
I have encountered a few protected DRM files which didn't actually require any license - They just opened a webpage... And I have had this unchecked ever since I installed WMP.
However, as I don't use internet explorer, I make sure it is in 'offline mode' - This seems to stop all of this nonsense, as the internet explorer object is what WMP uses for DRM.
Proxies are another way to go about this...
In general, though, Microsoft doesn't really give you any options when a DRM'ed file is encountered - It calls the mother site no matter what options you check/uncheck in WMP itself.
This will more likely kill the WMA format than P2P networks. If I were Bill Gates, I'd sue the RIAA, the MPAA and their hired guns.
If this is scripting, which it sounds like, it can easily be disabled. Disable Windows media scripting. This will disable videos from opening webpages and such. Nice. The article is vague, but this is what it sounds like. The webpages would then load spyware through normal ie holes.
2*31*37*263
WindowsMedia files have a command stream as well as audio and video streams. This command stream can do all sorts of bad things (such as open web pages) at specific points in the timeline. You can easily remove it using various windows media editing tools (and by creating a directx graph that doesn't use the connect stream). However, there are two points to remember here: 1) You can't edit a DRM-protected WM file, and therefore can't delete the stream (I think it is still possible to play it w/o the command stream, tho) 2) What seems to be going on here (according to the article) is that the DRM mechanism itself is used for the pop-ups, rather than the command stream. The way the DRM in WM acquires a license is by connecting to a licensing site and basically executing a URL - This is where the pop-ups/Xware come from, not the command stream. It is interesting to note that while WMP has an option to turn off 'automatic acquisition of licenses', in my experience that option does not prevent WMP from accessing license acquisition URLs. The only ways I found to stop WMP from doing that were to put IE in 'offline mode' and/or block the DRM URLs on a proxy server.
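The two header features described in the comment above can be checked before a file is ever opened in a player. The following is an added example, not part of the original thread: a read-only inspector that walks an ASF (WMA/WMV) header and reports a Script Command Object (the command stream) and the license acquisition URL stored in the Content Encryption Object. The GUIDs and field layout follow the published ASF specification; `build_sample` and its `license.example.invalid` URL are constructed test input.

```python
import struct
import uuid

# Object GUIDs as published in the ASF specification.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6")
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E")

def _obj(guid, payload):
    """Serialize one ASF object: GUID, 64-bit total size, payload."""
    return guid.bytes_le + struct.pack("<Q", 24 + len(payload)) + payload

def _field(body, pos):
    """Read one DWORD-length-prefixed field; return (bytes, next position)."""
    if pos + 4 > len(body):
        raise ValueError("truncated length field")
    end = pos + 4 + struct.unpack_from("<I", body, pos)[0]
    if end > len(body):
        raise ValueError("field runs past end of object")
    return body[pos + 4:end], end

def inspect_asf_header(blob):
    """Report a command stream and/or DRM license URL in an ASF header."""
    if len(blob) < 30 or blob[:16] != ASF_HEADER.bytes_le:
        raise ValueError("not an ASF (WMA/WMV) file")
    total, count = struct.unpack_from("<QI", blob, 16)
    end, off = min(total, len(blob)), 30  # 30 = fixed Header Object prefix
    found = {"script_commands": False, "license_url": None}
    for _ in range(count):
        if off + 24 > end:
            break
        size = struct.unpack_from("<Q", blob, off + 16)[0]
        if size < 24 or off + size > end:
            raise ValueError("malformed object size")
        guid, body = blob[off:off + 16], blob[off + 24:off + size]
        if guid == SCRIPT_COMMAND.bytes_le:
            found["script_commands"] = True
        elif guid == CONTENT_ENCRYPTION.bytes_le:
            pos = 0
            for _ in range(3):  # skip secret data, protection type, key ID
                _, pos = _field(body, pos)
            url, _ = _field(body, pos)
            found["license_url"] = url.rstrip(b"\0").decode("ascii", "replace")
        off += size
    return found

def build_sample(drm=True, script=True):
    """Constructed header-only test input; the URL is a placeholder."""
    lv = lambda b: struct.pack("<I", len(b)) + b
    enc = lv(b"\0" * 4) + lv(b"DRM\0") + lv(b"KID\0") + lv(b"http://license.example.invalid/get\0")
    objs = (_obj(CONTENT_ENCRYPTION, enc) if drm else b"") + (
        _obj(SCRIPT_COMMAND, b"\0" * 20) if script else b"")
    return _obj(ASF_HEADER, struct.pack("<IBB", drm + script, 1, 2) + objs)
```

Pass the bytes of a downloaded file to `inspect_asf_header`; the reported host is the one to block at the proxy, and a file from an untrusted source that reports either feature is a candidate for quarantine rather than playback.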
"Tauzin, when he was chairman of the House Energy and Commerce Committee earlier this year, negotiated to take jobs with two major lobbying groups, the Motion Picture Association of America and the Pharmaceutical Research and Manufacturers of America; he just took the PhRMA job."
Source: www.msnbc.msn.com/id/6771489/
They're hiring former Congressmen and Committee chairmen. lol. They can buy their way to the kind of clout it will take to get their sweetheart legislation through our Congress, which is more than happy to sell the American public if the donations are high enough. Lobbyists are expecting to spend 2 billion dollars this year.
Don't complain, you elected them. And the first thing they do is loosen up the ethics rules so they can bone the taxpayer even more blatantly than they already are.
This is what the red state mentality considers good government. Chumps.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
This, like all malware, is very clearly against the law in the UK and most of Europe. The UK Computer Misuse Act makes it a criminal offense for a person to
"causes a computer to perform any function with intent to secure access to any program or data held in any computer"
Computer Misuse Act 1990
Depending on what the Company does with the data obtained they are likely also to be in breach of the Data Protection Act 1998 which allows a £5,000 fine for each person offended against.
Similar legislation exists throughout Europe as part of the Information Society Policy Framework agreement.
Actually I think it's a great idea. We've had problems with break-ins in our neighborhood. Been hit twice the past two years, and nearly every neighbor has been hit too. Police dept says they can't do much about it.
So how about we set a stereo system out on the front porch and shoot the thief when he sets foot on our property? Like hell they're gonna steal my music!
When recording industries become vigilantes and the justice dept looks the other way, it certainly makes it acceptable for the rest of us. Road rage justice (I just DARE you to cut me off), merchants hanging shoplifters, etc. all is acceptable now. Even more interesting is that the punished party may not necessarily be the owner of the affected PC. Imagine Best Buy rent-a-cops torching your apartment building because they're getting even with you for shoplifting some CDs. So what if the building is owned by someone else? If the RIAA can torch anyone's PC if it has an infected file, it legitimizes any business coming after any property associated with any crime.
Quite a monster you've created, Justice.
<sarcasm mode></sarcasm mode>
As sad as it is, all that really happened...
You don't have to be even mildly coherent to understand why people are downloading/trading movies.