Slashdot Mirror
RIAA/MPAA Contractor Deploys Malicious Adware Trojans
RichardX writes "Overpeer, the organization responsible for seeding many peer to peer networks with damaged, corrupt and fake files has now found a way of hiding spyware and adware inside Windows Media files by using a DRM loophole and is using this technique to further pollute p2p networks." Several readers sent in a PCworld article on the same subject.
exactly are they getting away with this?
I'm not the devil.. just his advocate.
Isn't that blatently illegal?
"Remember, there never were pineapple-almond cookies here."
High that explains why that Jessica Simpson song I downloaded suddenly made my head explode. :-)
Hack it so that it sends out complaint emails to RIAA and DOSes the RIAA website. Also make it crawl and fill out any RIAA forms on the website. Use random algorithms so they can only statistically cut down on the traffic.
why people trust wmv files when this can happen. Combine it with some ie security holes and you got a real problem. It'd be pretty easy to create a p2p wmv worm that infects the entire network.. no?
-- these are only opinions and they might not be mine.
It seems anyone the least bit concerned about DRM/sharing/etc wouldn't be using windows media anyway.
Sweet informative mod.
One more reason not to use Windows Media. How many do you need?
Now your DRM can be used a weapon against you, how do you feel about that?
~ I am logged on, therefore I am.
People and companies that see their lucrative source of income starting to dwindle get desperate. Desperate companies (SCO) and organizations (RIAA, MPAA) make drastic moves, and those drastic moves are always overhanded.
record companies employ illegal tactics to enforce their view of the world, expecially when they think they see recognizeable dips in their revenue. Nevermind that they're not actually losing money - the perception of loss is all it takes.
right now they're saying to themselves (as justification for illegal activities) "desperate times call for desperate measures".
These are not desperate times, and those are overly-desperate measures. They're weak, and owned by the music, not the other way 'round.
I don't know, the MPAA and RIAA have done a pretty good job of convincing the public that pirating music and movies is basically the same as grand theft, and therefore perpetrators deserve everything they get. They have been remarkably devious in their propaganda.
For example: My son watches a lot of Disney Channel, and on that channel there is an animated show called the Proud Family. On this show, about a year or so ago, there was an episode that involved the daughter of the family downloading music. It was 100% blatant propaganda, complete with the corner record store going out of business, and people there losing their jobs, because she downloaded music. It truly made me sick to my stomach that such ridiculous propaganda was being so shamelessly peddled directly to children.
The "average user," and especially the media, is already convinced that p2p is synonymous with illegal activity, so this is unlikely to raise much of an uproar outside of the geek and college student communities.
A failed business model is one that fails to generate a profit. If no one paid for CDs at their current price, but everyone downloaded them, that would not mean people are "too cheap," it just means that the demand for CDs only exists at a lower price point than the supplier is trying to sell them at. If the prices are lowered, sales would increase.
Of course, if there is an easy way to get a product free, people are unlikely to demand it at any price other than free, and so the business will fail unless it can either stop the free distribution of its products, or start selling products that are more difficult to distribute for free.
Under these criteria, the model of selling content that is easily obtainable for free IS destined to fail, whether demand exists or not, since the demand exists at a price point (free) that is by definition unable to generate profits. This is why these organizations are so afraid of filesharing. They can't figure out a way to maintain their current business model, and they haven't figured out a viable alternative business model, in the presence of filesharing.
When is spyware a virus? Don't ask your average anti-virus vendor. When I tried to nail down Sophos on this issue they were evasive - to say the least.
If this trojan is killed by an anti-virus program, is it securing your machine or committing an illegal act? I had this very discussion w/Sophos' techs. I had just cleaned the VX/2 trojan out of a computer - and it took HOURS of work to get it fully out of there. I sent a sample to Sophos and they told me that it was legal adware.
My question was obvious: What methods are allowable for adware, and how is that any different than a virus/trojan.
VX/2 was installed on one of my workstations here through a fault of the OS (unpatched at the time). It installed itself without permission. It left no way to uninstall it. It attempted to shut down Adaware and resisted any attempts to kill it.
So.... THIS ISN'T A VIRUS? Then what the hell is?
And so, overpeer's actions come as no big surprise to me. And I have no doubt that the anti-virus people will continue to turn a blind eye because of their FEAR of a lawsuit.
Damnit, don't we PAY THEM to protect us against this sort of thing?
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
No, really. It's like peeing in your own pool. You need DRM in order to sell music to people and to "control the rights". But at the same time, they're using DRM to attack people who are outside the system. So it kind of makes you feel unsafe about using DRM in the first place. Life is better outside of the DRM system.
BTW, I remembered the option for something like "automatically download rights management software" when installating Windows Media Player, what, 10 is it now? I hesitantly clicked yes. Now that I've done so, I can't find an option inside of the program to say no. Odd.
This is pretty old and not a 'binary-payload' issue with WMA files, more of a good old IE flaw. Windows media format has the ability to launch a web-page from a media file (i think it actually forces IE, not your default browser which is a violation of the anti-trust crap). Obviously this is just an instruction in the file and a patch could pretty easily turn it off, once the page is opened (in our favourite browser) the skys the limit. You could also disable this by filtering all windows media files through some program that took out the call, if anyone knows of the program or file format that would be cool?
Obviously no one with any know-how actually uses this format, but sometimes the file you want is in it, just be sure to play WMV/A files offline until you find a patch for Windows media player.
This comment does not represent the views or opinions of the user.
n.
The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
How is what the **AA are doing (hacking into music downloaders' computers and installing malware to further their cause against piracy) any different?
If this is the way they think they must do business, lets give 'em h*ll!
The Hacker's Guide To The Kernel: Don't panic()!
Bing! You nailed it right there. Microsoft made an obvious policy decision long ago to shift developnment focus from end users to corporations, hence the ease with which 'bad' corporate users abuse the OS at the end user's expense.
If this is scripting, which it sounds like, it can easily be disabled. Disable Windows media scripting. This will disable videos from opening webpages and such. Nice. The article is vague, but this is what it sounds like. The webpages, would then load spyware through normal ie holes.
2*31*37*263
WindowsMedia files have a command stream as well as audio and video streams. This command stream can do all sorts of bad things (such as open web pages) at specific points in the timeline. You can easily remove it using various windows media editing tools (and by creating a directx graph that doesn't use the connect stream). However, there are two points to remember here: 1) You can't edit a DRM-protected WM file, and therefore can't delete the stream (I think it is still possible to play it w/o the command stream, tho) 2) What seems to be going on here (according to the article) is that the DRM mechanism itself is used for the pop-ups, rather than the command stream. The way the DRM in WM acquires a license is by connecting to a licensing site and basically executing a URL - This is where the pop-ups/Xware come from, not the command stream. It is interesting to note that while WMP has an option to turn off 'automatic acquisition of licenses', in my experience that option does not prevent WMP from accessing license acquisition URLs. The only ways I found to stop WMP from doing that was to put IE in 'offline mode' and/or block the DRM URLs on a proxy server.
This like all Malware is a very clearly against the law in the UK and most of Europe. The UK Computer Misuse Act makes it a criminal offense for a person to
"causes a computer to perform any function with intent to secure access to any program or data held in any computer"
Computer Misuse Act 1990
Depending on what the Company does with the data obtained they are likely also be in breach of the Data Protection Act 1998 which allows a £5,000 fine for each person offended against.
Similar legislation exists throughout Europe as part of the Information Society Policy Framework agreement.
Actually i think it's a great idea. We've had problems with break-ins in our neighborhood. Been hit twice the past two years, and nearly every neighbor has been hit too. Police dept says they can't do much about it.
So how about we set a stereo system out on the front porch and shoot the thief when he sets foot on our property? Like hell they're gonna steal my music!
When recording industries become vigilantes and the justice dept looks the other way, it certainly makes it acceptable for the rest of us. Road rage justice (I just DARE you to cut me off), merchants hanging shoplifters, etc. all is acceptable now. Even more interesting is that the punished party may not necessarily be the owner of the affected PC. Imagine Best Buy rent-a-cops torching your apartment building because they're getting even with you for shoplifting some CDs. So what if the building is owned by someone else? If the RIAA can torch anyone's PC if it has an infected file, it legitimizes any business coming after any property associated with any crime.
Quite a monster you've created, Justice.
<sarcasm mode></sarcasm mode>
As sad as it is, all that really happened...
You don't have to be even mildly coherent to understand why people are downloading/trading movies.