Slashdot Mirror
Crackers Tune In to Windows Media Player
jamshedji writes "Crackers are using the newest DRM technology in Microsoft's Windows Media Player to install spyware, adware, dialers and computer viruses on unsuspecting PC users."
← Back to Stories (view on slashdot.org)
"It's pretty ingenious," said Patrick Hinojasa, chief technical officer at Panda Software. "To take an anti-piracy feature and use it to feed spyware is extremely ironic."
Not quite ingenious but certainly not ironic. Perhaps if they were loading copyrighted materials such as movies and music onto your machine while you were attempting to download the license for DRM *then* it would be ironic.
The sad thing is that 99% of Windows users are likely telling WMP to install these licenses automatically when they try to play a media file. It's the "popup addiction" at work. People can't stand popups and anything to get them out of the way for good is they way they want to go.
This is going to become yet another excuse for trusted computing and single codec repositories. "Look! You are being infected by those bad sites on the Internet! Want protection? Use trusted computing and you'll never have a problem again! Just sign here, here and here. Pay here and connect here. Ahh, isn't that better?"
this time.. we probably wont have the ability to turn it off.
This will become the new ActiveX.. I can see it already..
Simon.
One has to wonder why an application whose primary purpose it is to just display data is such a huge vector for infection. What was Microsoft thinking when they made it possible for movies to automatically open URL's and install stuff? Perhaps someone can explain the logic to me.
Be relentless!
Crackers like the RIAA/MPAA contractor Overpeer?
Linux Wireless Hardware in the UK
Ok I'll admit it. I did a search on Limewire for some "adult" type content. Every single movie I grabbed up tried to get me to install some piece of software in order to watch the movie. 1800fastsearch, etc. I was annoyed that the spyware companies had gotten their tentacles this deep in porn. Those bastards, is nothing sacred?
I boycott signatures
You people have it all WRONG, DRM was meant to Stand for Digital Rights Manipulation, it's actually a Microsoft feature.
For those who still don't suspect, you might try Firefox.
What does Firefox have to do with ending Spyware via WMP? Absolutely nothing. Last time I checked Firefox opened WMP on Windows machines when you attempted to play a media file.
Hmm.
Now maybe if you had suggested some little known media player that didn't automatically install codecs after you clicked "don't ask me again, just install" then maybe your post would have been worth something.
At least RTFA.
Use the excellent - and free - VLC media player
Is it really worth sacrificing the safety of media files so that video players could launch web pages and other code? Another example of Microsoft trying to add usability, whlile sacrificing security. There's no way they couldn't have known about this security flaw.
Random rants about technology: http://technorants.blogspot.com
Because as /.ers we know the difference, and these are most certainly crackers, not hackers.
But really, Windows XP does provide a way to keep users from installing just any software, that is by having a seperate administrator user and do you surfing and P2P downloading using a "limited" user account.
I went to visit some relatives a couple of weeks ago and I found 250 dialers, spyware and malware programs on thier computer using Spybot. It was unbelievable!
They aren't using Windows Media Player to install spyware. They are using WMP to get users to click on a link that takes them to a webpage where, presumably, the user's browser is compromised.
Give the proliferation of spyware *without* this new fishing technique, I don't understand the significance of this. People find spyware all by themselves, they don't need any help.
Has anyone told Chris Rock that crackers are doing this?
He'll be pissed.
There's nothing Intelligent about Intelligent Design.
...a media player? It's a flaw in Windows Media Player, not (unusual as it is) Internet Explorer.
:)
So, in other words - use VideoLAN
On the Beta Winamp TV stations, adult site operators quickly figured how to launch URLs on video streams. Needless to say, the support forums showed you how to turn off this feature about a day after the discovery.
Please, not every app in the known world needs to launch a freakin' web page, etc.
What is the difference between DRM and spyware?
How could DRM work without inherently 'spying' on the user/victim?
STOP. You're being farmed.
Now maybe if you had suggested some little known media player that didn't automatically install codecs after you clicked "don't ask me again, just install" then maybe your post would have been worth something.
I'll go for one, mplayer. There's been beta builds on mplayers site for a while now, but I don't usually hear about anyone using it. While a lot of the port isn't as nice as in linux, and it seems to choke on most real player content even with the codec pack, it's still fairly nice. I keep it on a usb drive and it really comes in handy every now and again.
Everything will be taken away from you.
If AOL would open the WinAmp source, after it was examined by a horde of cranky Slashdotters bent on porting it to Linux, it would be at least believed to be less buggy than WMP. It might whip WMP the way Firefox has whipped IE, Apache has whipped IIS, and all the other open source "utilities" are whipping unreliable MS software. Especially if the community could factor down only the essential WinAmp features, leaving the bloated full WinAmp available as #2, just like Mozilla.
--
make install -not war
I agree with your trusted computing satement, if Microsoft does acknowlege this incident there will only be more problems. Microsoft has been doing this kind of thing for years, so I dont expect their announcements to suddenly be more honest. I'd be even more surprised if the mass media found the real story instead of propogating microsoft garbage speak. Microsoft has been loosing credibility for several years now, in the future I look for "non-trusted computing" to be EASIER, and more trusted. When consumers see a open market that meets these requirements (and it's already impressive), they'll seriously consider a new platform.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Well, to be precise it opens which ever media player is associated with the media file you are trying to open. You can also override this on a per-filetype basis by specifiying a different handler for the file under the "Downloads" section of the Options box - the section titled "File Types". Whether your motivation for switching to Firefox was security, features, web standards or because it's FOSS, then the same motivation should apply to WMP too. Certainly on my Windows boxes none of the primary media types are associated with the DRM and security hole infested WMP.
UNIX? They're not even circumcised! Savages!
If you want a decent open source media player, choose VLC. It works great on Win32, Linux & OS X. Works well supporting CDs, DVDs, AVI, DiVX, MP3, Ogg and just about every other media format known to man - except protected WMA.
So if the exploit relies on dangling a "carrot" in the shape of some free pr0n if you download some licence into WMP, VLC won't protect you from yourself and doesn't offer comparable functionality.
Thing is, this is one of those cases that hits Windows more because of the monoculture than directly due to the inherent security flaws or the DRM problem.
In general "advanced" formats will require downloading software. The fact that the "advance" here is DRM is almost immaterial, except perhaps for the fact that some people believe they're downloading a license rather than software. But Windows asks explicitly if you want to download and install the software. You get a warning, you have to say, "Yeah, I want that piece of malware." The message may not be clear enough, and since there are cases where you do want it you're asking a naive user to make a fairly sophisticated security judgment, but it is there, and the malware can't bypass it. It doesn't need to.
To my knowledge Linux doesn't have a good solution to that problem, either. If you need software to play that movie/music, it's up to you to verify that the software isn't malware. Linux users escape this problem largely because there aren't enough of them to make it worth the malware writer's effort (as well as the fact that Linux users tend to be better educated and would answer "Hell no!" to the question if asked).
What's needed here is a security sandbox. Download the codec but don't give it permission to do anything except take stuff from one place in memory and dump it to another, or access a limited direct-to-video API. No network access, no disk access. I'm not aware of any particular Linux security sandbox.
Microsoft does have its own, in its C#/CLR, though clearly that hasn't made it to the point of writing codecs yet. And it may not, since these are performance-intensive apps and virtual machines impose overhead. I've seen codecs written in Java, and they're tolerable but not what you'd choose.
Windows media player like it should be. Low resource usage, plays dvds and any file you have the codecs for installed, without any network access at all. (Unless you're playing a stream or course)
I am trolling
This has kept my computer safe and my mind happy for the last twenty years. I don't plan to change it:
Don't buy products from Microsoft!
There is one exception: The Microsoft Optical Wheel Mouse is a great product. You can't fuck up a mouse, though.
Wait, Apple's round one-button mouse.
Now, that's a deal: Apple could learn from M$ how to design mice, while Steve explains to Bill what an Operating System is.
When I first saw the story, I was afraid that hackers were somehow exploiting program flaws in media player that would give them unauthorised access, allowing them to install spyware.
...wait for it... trying to leech other people's copyrighted material off of dodgy peer to peer networks!
Instead, it turns out that DRM is simply doing it's job - protecting the digital rights on content providers by punishing those people who attempt to gain access to unathorised media.
Here's my take, I'm pretty sure that I'll be safe wether I run linux or windows (I run both) since I am not
If you engage in pirating, you deserve the cannonball to your vessel; I, for one, feel no pity.
If AOL would open the WinAmp source
The problem is that Winamp (IIRC) uses DirectShow and standard Windows codecs for playing movies; WMP is also essentially a gui front-end for DirectShow. (It's just like Linux where you have xine-lib with its plugins, and all sorts of guis for it - xine-ui, kaffeine, totem etc). My guess is that the Windows Media DRM is implemented at the codec level or in the DirectShow pipeline, and not in the media player - otherwise, the DRM would be trivial to circumvent. The only real solution is a usable windows port of xine-lib or mplayer (even helixplayer would work, as long as it implements its own video pipeline).
On the other hand, so much of this could be avoided by at least not tying DRM into the lowest levels of the OS. Same issue as I have with MSIE. Comprimise Firefox, and you've comprimised an application. Comprimise MSIE, and you've comprimised Windows itself. Furthermore, since all lusers have admin privliges by default, any damage done by even an application can be severe. Hence, my reommendations. First, move the DRM layer out of the OS. Second, don't allow an admin to run the DRM-encrusted software.
#define DRM chmod 000
Trusted computing will make current spyware and worm problems a lot worse.
As soon as a bug is found in a trusted computing architecture, which WILL happen, things will get a whole lot worse for the average user. Spyware will be created which your hardware refuses to allow you to remove, even with a boot disk or safe mode. Your computer will refuse allow you to install anti-virus and spyware cleaning tools. The spyware will install a certificate with high trust levels for spyware vendors.
Even if no bug is found, companies like AOL have proven they're willing to sell out their customers by bundling adware with AIM without disclosure. This will likely create an initial hole which can be opened up much wider.
Issues like this are killing Windows. I learned my lesson a few years ago that almost no shareware or freeware can be trusted. This makes Windows a lot less useful and is one of the many reasons why I usually run linux on my desktop.
IMHO, trusted computing will only hurt Windows' usability by the average user.
It occurs to me that this sort of thing is just going to hasten the death of the home PC as a media device. We've already seen the decline in the PC as a gaming platform relative to dedicated consoles in part due to ease of use issues. If I'm Jane user and just watching downloaded videos opens the door to hundreds of spyware apps and other nonsense, I'm going to stop using the PC for stuff like that if there's an easier to use alternative.
The next generation gaming consoles may be ready to become the easy to use box in the living room that is easy to use and never gets infected by viruses or spyware. If this happens, home PC sales will plummet! Couple these boxes with HDTV and high quality sound systems and it's game over for the PC. Slashdotters may be able to cope with the nonsense, but most people are going to take the easy way out, especially if the price of admission is low. As for me, I'd love to see a really good web browser on Sony's PSP, then I could do my mindless surfing in the living room on a reasonably good display.
To the making of books there is no end, so let's get started
I was in NYC on business at the end of last week. The owner of our company had me swing by his apartment while I was in town and he wanted me to setup a wireless network there - which I did.
As part of the process I was tasked with fixing the 3 XP laptops that were "not working" or "too slow".
Sure enough, I found that they all had spyware - but one had 52 viruses on it.
The best part was that his wife (it was her laptop) said to me "oh that is odd because my IT person from work JUST scanned that two days ago - so I hardly think that I got 52 viruses in two days."
I tried to be polite but essentially told her that she might want to look into getting a better IT person.
One of the viruses that she had kept spawning instances of the media player and I couldn't figure out why... now I see why I guess.
(technically some of the viruses were trojans/worms/spyware, so I guess I should just say "malware")
There are some odd things afoot now, in the Villa Straylight.
Seriously I haven't felt the need to install any AV player after MP Classic and mega codec pack from kazza-lite. Also use real player alternative and quicktime alternative much less resouce use and no phoning back to home.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
Guys, it could be much worse. It's not like WMP is forcefully bundled into the world's most popular desktop OS or anything....
It sounds like (after RTFA) all this does is direct a user to a website - supposedly to get a "license" to play the content.. and once on that website, spyware is downloaded.
:-> (now, to download some more porn off eDonkey!)
So.. isn't this just a new way to get people to visit spyware websites.. which exploit flaws in IE? Meaning, there is no new flaw in WMP here?
As long as WMP uses your default browser to check for licenses (can someone confirm this?) I'm safe
I am the maverick of Slashdot
If you have to run Microsoft, one solution is to back off to Windows 2000. You run Windows 2000. Windows XP runs you. Many corporate installations refuse to go with XP for that reason.
It's not just Microsoft, either. Remember that DRM-protected CD that changed the firmware on Apple CD drives so the machine would never work again? (And remember Apple refusing to fix it under warranty?)
VideoLAN, plays just about everything.
between the greater and lesser infinities sleep the dreams undreamt
Actually MSFT is the probelm. Forget being pro-linux(i am not currently running it). MSFT doesn't know security. It doesn't know how to design security. MSFT first builds features and then tries to figure a way to secure them. Your supposed to work the other way around.
Also Why does WMP default open IE eve if your default web browser is something else?
MSFT programs that were designed wrong to begin with
IE, WMP, Outlook, Active X, Windows Scripting, MS word macros, MS excel Macros(yes they are close).
The fact is MSFT has designed lot's of software and duplicated functionality first, then thought about if what they were doing could cause a probelm.
No OS or software is perfect, but MSFT puts stupid obvious holes in their software and dismisses those who complain. there is no reason why Active x should be designed to take advantge of the entire system. How about Macro's? IE, WMP, Outlook are basically ONE program. That is how tightly they are tied together. Is there a reason why?
i thought once I was found, but it was only a dream.
Which is why once a year or so I do a scheduled complete re install. everything gets backed up and then I boot from a floppy and type my all time favorite command for cleaning a windows computer.
/s
format c:
it takes a couple of days but hey it's all good.
i thought once I was found, but it was only a dream.
This should not be modded insightful. What garcia didn't process is that WMP will open the default browser to process the DRM license. If Firefox is your default browser it will be opened and presumably the webpage will not be able to use IE exploits to install malware. This of course is due to the fact that the issue is with security holes in IE and not WMP. The issue with WMP is that it is accessing IE.
Crazy crackers, first eminem... now this.
Seriously, Slashdot needs to give up the nerd dictionary crusade. Hacker is a bad guy with a computer. Cracker is a white guy.
You won't see people referring to bundle of kindling wood as a faggot anymore--languages evolve new meanings. If you tell someone you threw a faggot on the fire last weekend you'll end up in jail for a hate crime.
It seems that 99% of slashdotters didn't understand the article. The article author also has no idea about the subject. Even the "research note" is not perfectly clear.
This is not a security breach in Windows Media Player.
Here is what happens. A wma/wmv DRM protected file needs a license to be played. When WMP plays a file that does not have a license it will open a dialog with a web browser control inside and navigate to the "license store url" that was written inside the file. This feature is called "superdistribution" and it is present in other DRM enabled players as well.
That is all that Windows Media Player does. At most WMP can be acused of not displaying more information about why the dialog was opened. If even the slashdot crowd has problems understanding this, imagine the rest of the computer users.
Once the IE opens the web page it is no different than going to that url yourself in IE.