Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crackers Tune In to Windows Media Player

Posted by CmdrTaco on from the hate-when-that-happens dept.

jamshedji writes "Crackers are using the newest DRM technology in Microsoft's Windows Media Player to install spyware, adware, dialers and computer viruses on unsuspecting PC users."

13 of 367 comments (clear)

  1. It's like sun on your wedding day? by garcia · · Score: 5, Insightful

    "It's pretty ingenious," said Patrick Hinojasa, chief technical officer at Panda Software. "To take an anti-piracy feature and use it to feed spyware is extremely ironic."

    Not quite ingenious but certainly not ironic. Perhaps if they were loading copyrighted materials such as movies and music onto your machine while you were attempting to download the license for DRM *then* it would be ironic.

    The sad thing is that 99% of Windows users are likely telling WMP to install these licenses automatically when they try to play a media file. It's the "popup addiction" at work. People can't stand popups and anything to get them out of the way for good is they way they want to go.

    This is going to become yet another excuse for trusted computing and single codec repositories. "Look! You are being infected by those bad sites on the Internet! Want protection? Use trusted computing and you'll never have a problem again! Just sign here, here and here. Pay here and connect here. Ahh, isn't that better?"

  2. It's a bit like IE and activeX except.. by Ckwop · · Score: 5, Insightful

    this time.. we probably wont have the ability to turn it off.

    This will become the new ActiveX.. I can see it already..

    Simon.

  3. No logic by MarkRose · · Score: 5, Insightful

    One has to wonder why an application whose primary purpose it is to just display data is such a huge vector for infection. What was Microsoft thinking when they made it possible for movies to automatically open URL's and install stuff? Perhaps someone can explain the logic to me.

    --
    Be relentless!
    1. Re:No logic by DavidD_CA · · Score: 5, Informative

      If you RTFA, you'd understand that Windows Media Player attemps to connect to the Internet when a file is played that it doesn't have a valid license for.

      In theory, if you download an MP3 with DRM enabled, Windows Media Player will search your computer for the license. If it doesn't find it, it will go to the URL specified in the MP3. This is part of the DRM spec.

      "Hackers" are just taking advantage of this, creating fake MP3s/MOVs and making those URLs go to junk-infested sites.

      In WMP's defense, it *does* ask you first if you want to go out and hit the site for the DRM license. And once you get there, if you're running SP2 then security is no different than any other mailious website you may visit.

      SP2 should block the popups, and give you a much more informative warning if the site tries to push software onto your computer.

      --
      -David
  4. Crackers like... by NetNifty · · Score: 5, Interesting

    Crackers like the RIAA/MPAA contractor Overpeer?

    --
    Linux Wireless Hardware in the UK
  5. Re:Unsuspecting??? by garcia · · Score: 5, Insightful

    For those who still don't suspect, you might try Firefox.

    What does Firefox have to do with ending Spyware via WMP? Absolutely nothing. Last time I checked Firefox opened WMP on Windows machines when you attempted to play a media file.

    Hmm.

    Now maybe if you had suggested some little known media player that didn't automatically install codecs after you clicked "don't ask me again, just install" then maybe your post would have been worth something.

    At least RTFA.

  6. Surprise surprise... by tommertron · · Score: 5, Insightful
    Remember when media files used to be safe? When we only needed to worry about files with .exe and .zip and a few others containing viruses or malware? Even before the DRM stuff in Media Player, MS added the ability for video clips to launch web pages. Gee, great idea. Did they never think that people could have exploited that?

    Is it really worth sacrificing the safety of media files so that video players could launch web pages and other code? Another example of Microsoft trying to add usability, whlile sacrificing security. There's no way they couldn't have known about this security flaw.

    --
    Random rants about technology: http://technorants.blogspot.com
  7. Re:Hackers, not Crackers. by DrinkingIllini · · Score: 5, Insightful

    Because as /.ers we know the difference, and these are most certainly crackers, not hackers.

  8. Someone's got to say it by Bronz · · Score: 5, Insightful


    They aren't using Windows Media Player to install spyware. They are using WMP to get users to click on a link that takes them to a webpage where, presumably, the user's browser is compromised.

    Give the proliferation of spyware *without* this new fishing technique, I don't understand the significance of this. People find spyware all by themselves, they don't need any help.

  9. Not only hackers! by EvilCowzGoMoo · · Score: 5, Interesting
    Its not only hackers taking advantage of DRM vulnerabilities. This article at virus.org reports that the RIAA is also exploiting DRM!

    "The contractor Overpeer who works solely for the MPAA and RIAA to polute Peer-to-Peer networks with corrupt and useless files has moved to a new low by using a loop hole within Windows Media DRM to launch popup adds and infect users PCs with Spyware, Viruses and Adware.

    In what could be considered a quite blatent breach of computer crime laws the world over, Overpeer a company owned by Loudeye is making a lot of money seeding Peer-to-Peer networks with thousands of fake files. It's one of the entertainment industry's favourite, and most obnoxious, anti-p2p contractors.

    The loophole in the Windows Media DRM process allows companies to create media files and link them to adware. When you normally download a protected Windows Media file, you also receive a license that lets you play it. If however Windows Media Player cannot find a valid license on your PC, it checks in with a remote system running Microsoft's Windows Media DRM Server.

    You should rarely see that happen. Some files, however are set up to ask you for information before playing. They do this by displaying a URL in a dialog box labeled License Acquisition. Normally that dialog box is used to check for a user name or offer a chance to purchase the file that's being played. In a legitimate DRM-encrypted file the author may let you play it a few times, then bring up a window asking if you want to buy it.

    Since the license dialog box is in essense an Internet Explorer window, it will display whatever is on the page it points to, in the cases that have been seen of this these trojaned Windows Media files, they all point to servers that load up unwanted ads, including windows that attempt install adware onto your PC surreptitiously, including adding items to your browser's Favorites list, attempting to change your home page and installing viral adware such as the 180search Assistant. "

    Acording to the above article's date (December 31, 2004) Is it possible the RIAA inspired the hacker comunity?
  10. ...so, when did Firefox become... by lxt · · Score: 5, Insightful

    ...a media player? It's a flaw in Windows Media Player, not (unusual as it is) Internet Explorer.

    So, in other words - use VideoLAN :)

  11. Better replacement for WMP by m50d · · Score: 5, Informative
    http://sourceforge.net/projects/guliverkli/

    Windows media player like it should be. Low resource usage, plays dvds and any file you have the codecs for installed, without any network access at all. (Unless you're playing a stream or course)

    --
    I am trolling
  12. Trusted Computing Will Make It Worse by ftzdomino · · Score: 5, Insightful

    Trusted computing will make current spyware and worm problems a lot worse.

    As soon as a bug is found in a trusted computing architecture, which WILL happen, things will get a whole lot worse for the average user. Spyware will be created which your hardware refuses to allow you to remove, even with a boot disk or safe mode. Your computer will refuse allow you to install anti-virus and spyware cleaning tools. The spyware will install a certificate with high trust levels for spyware vendors.

    Even if no bug is found, companies like AOL have proven they're willing to sell out their customers by bundling adware with AIM without disclosure. This will likely create an initial hole which can be opened up much wider.

    Issues like this are killing Windows. I learned my lesson a few years ago that almost no shareware or freeware can be trusted. This makes Windows a lot less useful and is one of the many reasons why I usually run linux on my desktop.

    IMHO, trusted computing will only hurt Windows' usability by the average user.