Crackers Tune In to Windows Media Player

jamshedji writes "Crackers are using the newest DRM technology in Microsoft's Windows Media Player to install spyware, adware, dialers and computer viruses on unsuspecting PC users."

Crackers like...

[NetNifty]

Crackers like the RIAA/MPAA contractor Overpeer?

This is why I use Linux..

[Dana+P'Simer]

very little danger of getting infected in this way. And we don't have any DRM mechanisms to get in our way.

But really, Windows XP does provide a way to keep users from installing just any software, that is by having a seperate administrator user and do you surfing and P2P downloading using a "limited" user account.

I went to visit some relatives a couple of weeks ago and I found 250 dialers, spyware and malware programs on thier computer using Spybot. It was unbelievable!

Not only hackers!

[EvilCowzGoMoo]

Its not only hackers taking advantage of DRM vulnerabilities. This article at virus.org reports that the RIAA is also exploiting DRM!

"The contractor Overpeer who works solely for the MPAA and RIAA to polute Peer-to-Peer networks with corrupt and useless files has moved to a new low by using a loop hole within Windows Media DRM to launch popup adds and infect users PCs with Spyware, Viruses and Adware.

In what could be considered a quite blatent breach of computer crime laws the world over, Overpeer a company owned by Loudeye is making a lot of money seeding Peer-to-Peer networks with thousands of fake files. It's one of the entertainment industry's favourite, and most obnoxious, anti-p2p contractors.

The loophole in the Windows Media DRM process allows companies to create media files and link them to adware. When you normally download a protected Windows Media file, you also receive a license that lets you play it. If however Windows Media Player cannot find a valid license on your PC, it checks in with a remote system running Microsoft's Windows Media DRM Server.

You should rarely see that happen. Some files, however are set up to ask you for information before playing. They do this by displaying a URL in a dialog box labeled License Acquisition. Normally that dialog box is used to check for a user name or offer a chance to purchase the file that's being played. In a legitimate DRM-encrypted file the author may let you play it a few times, then bring up a window asking if you want to buy it.

Since the license dialog box is in essense an Internet Explorer window, it will display whatever is on the page it points to, in the cases that have been seen of this these trojaned Windows Media files, they all point to servers that load up unwanted ads, including windows that attempt install adware onto your PC surreptitiously, including adding items to your browser's Favorites list, attempting to change your home page and installing viral adware such as the 180search Assistant. "

Acording to the above article's date (December 31, 2004) Is it possible the RIAA inspired the hacker comunity?

Winamp TV had this problem too

[British]

On the Beta Winamp TV stations, adult site operators quickly figured how to launch URLs on video streams. Needless to say, the support forums showed you how to turn off this feature about a day after the discovery.

Please, not every app in the known world needs to launch a freakin' web page, etc.

Please clear this up for me...

[go$$amer]

What is the difference between DRM and spyware?

How could DRM work without inherently 'spying' on the user/victim?

Re:Unsuspecting???

[Joe+Tie.]

Now maybe if you had suggested some little known media player that didn't automatically install codecs after you clicked "don't ask me again, just install" then maybe your post would have been worth something.

I'll go for one, mplayer. There's been beta builds on mplayers site for a while now, but I don't usually hear about anyone using it. While a lot of the port isn't as nice as in linux, and it seems to choke on most real player content even with the codec pack, it's still fairly nice. I keep it on a usb drive and it really comes in handy every now and again.

Re:No logic

[nine-times]

Why do web pages need the ability to launch programs and install things? It's long been Microsoft's design philosophy to hook every one of their apps to the OS and to each other, and give each the ability to do as much as possible. The idea is that this makes productive computer use easier and more transparent.

And it does. Unfortunately, it also makes malicious computer use easier and more transparent. Microsoft has ignored that aspect to their design philosophy, and it's become the source of many highly-publicized security issues.

Re:Unsuspecting???

[DrXym]

Firefox is a browser not a media player.

If you want a decent open source media player, choose VLC. It works great on Win32, Linux & OS X. Works well supporting CDs, DVDs, AVI, DiVX, MP3, Ogg and just about every other media format known to man - except protected WMA.

So if the exploit relies on dangling a "carrot" in the shape of some free pr0n if you download some licence into WMP, VLC won't protect you from yourself and doesn't offer comparable functionality.

Re:It's like sun on your wedding day?

[UWC]

All WMP versions that I've encountered through the current one have given a choice on whether to enable DRM at install. I've never tried installing with DRM enabled, so I don't know if it would request DRM on all files, or just makes sure to verify DRM on protected files, but with DRM turned off, I've not had a problem with playback of other files or portability of WMP-created media (e.g. CDs I've ripped to WMA. Yeah, I know, I should have used MP3 or Ogg, but CDex wasn't working for me at the time, and I was lazy; I've since rectified the transgressions).

I wonder how long until you're no longer given the choice to opt out of DRM at install, though.

Glad to see DRM is protecting digital rights

[RLiegh]

When I first saw the story, I was afraid that hackers were somehow exploiting program flaws in media player that would give them unauthorised access, allowing them to install spyware.

Instead, it turns out that DRM is simply doing it's job - protecting the digital rights on content providers by punishing those people who attempt to gain access to unathorised media.

Here's my take, I'm pretty sure that I'll be safe wether I run linux or windows (I run both) since I am not ...wait for it... trying to leech other people's copyrighted material off of dodgy peer to peer networks!

If you engage in pirating, you deserve the cannonball to your vessel; I, for one, feel no pity.

won't work

[tetromino]

If AOL would open the WinAmp source

The problem is that Winamp (IIRC) uses DirectShow and standard Windows codecs for playing movies; WMP is also essentially a gui front-end for DirectShow. (It's just like Linux where you have xine-lib with its plugins, and all sorts of guis for it - xine-ui, kaffeine, totem etc). My guess is that the Windows Media DRM is implemented at the codec level or in the DirectShow pipeline, and not in the media player - otherwise, the DRM would be trivial to circumvent. The only real solution is a usable windows port of xine-lib or mplayer (even helixplayer would work, as long as it implements its own video pipeline).

Hastening The Death Of The PC

[blueZhift]

It occurs to me that this sort of thing is just going to hasten the death of the home PC as a media device. We've already seen the decline in the PC as a gaming platform relative to dedicated consoles in part due to ease of use issues. If I'm Jane user and just watching downloaded videos opens the door to hundreds of spyware apps and other nonsense, I'm going to stop using the PC for stuff like that if there's an easier to use alternative.

The next generation gaming consoles may be ready to become the easy to use box in the living room that is easy to use and never gets infected by viruses or spyware. If this happens, home PC sales will plummet! Couple these boxes with HDTV and high quality sound systems and it's game over for the PC. Slashdotters may be able to cope with the nonsense, but most people are going to take the easy way out, especially if the price of admission is low. As for me, I'd love to see a really good web browser on Sony's PSP, then I could do my mindless surfing in the living room on a reasonably good display.

I guess that explains that

[AssFace]

I was in NYC on business at the end of last week. The owner of our company had me swing by his apartment while I was in town and he wanted me to setup a wireless network there - which I did.
As part of the process I was tasked with fixing the 3 XP laptops that were "not working" or "too slow".

Sure enough, I found that they all had spyware - but one had 52 viruses on it.

The best part was that his wife (it was her laptop) said to me "oh that is odd because my IT person from work JUST scanned that two days ago - so I hardly think that I got 52 viruses in two days."

I tried to be polite but essentially told her that she might want to look into getting a better IT person.

One of the viruses that she had kept spawning instances of the media player and I couldn't figure out why... now I see why I guess.

(technically some of the viruses were trojans/worms/spyware, so I guess I should just say "malware")

Re:WMP-out

[Koyaanisqatsi]

Why? You already have VLC, it's open source, multi-platform and plays a gazillion file formats

Re:It's a bit like IE and activeX except..

[Master+of+Transhuman]

"opens the web page specified by the file's creator. This page is intended to help a content providers promote its products"

In other words adware!

WMP IS ADWARE AND SPYWARE BY MS'S OWN DEFINITION AND DESIGN!

How much more obvious does it get?

One could argue for MS products opening their own Web page for some reason, but some other random company's Web page? I could see providing a URL maybe, but actually going to the site without your permission?

Tell me again MS doesn't want to control your machine!