Neowin.net - DRM in Windows Media Player Helps Spyware

DRM in Windows Media Player Helps Spyware

Posted by Tom Warren on 11 January 2005 - 12:27 · 32 comments & 2978 views

According to a report by Panda Software, two new trojans have appeared on the internet recently which take advantage of Microsoft's Windows Media Player using DRM (Digital Rights Management).

Trj/WmvDownloader.A and Trj/WmvDownloader.B are both spreading through P2P networks and in video files. The trojans take advantage of DRM by attempting to obtain a licence for the video file. The video files infected by these Trojans have a .wmv extension and are protected by licenses, supposedly issued by the companies overpeer (for Trj/WmvDownloader.A), or protectedmedia (for Trj/WmvDownloader.B).

If a user downloads a file which is infected the files pretend to download the licence from certain web pages. Unfortunately they redirect the user to internet sites which hold adware, spyware and dialers. Panda software is currently protecting users against these latest trojans. It's thought that files on P2P networks such as KaZaA or eMule are mainly affected.

View: Panda Software Announcement

Features:

Hi-performance multithreaded buffered CD-ripping & encoding

Copies "Copy-Protected" CDs

Error Recovery, reads audio from badly scratched CDs

Download and upload disc information from/to the freedb, the Internet Compact Disc Database.

Volume Normalizer and Compressor, Fade In/Out, Silence deletion from the start and end of a song

Reads CD-Text

Output Formats: MP3, Windows Media Audio 8 and 9, Ogg Vorbis, MP4, M4A, AAC, FLAC, VQF, WAV, AIFF, and Monkey's Audio

Hide additional information

About the Author
Full name: Tom Warren
Forum name: creamhackered
Contact: via forum PM
Submissions: Normal · Headline

Total votes: 0

Bookmark on del.icio.us

Advertisement

(4 replies) #1 Posted by NimrodUK on 11 Jan 2005 - 12:49: Although P2P users are infected atm, what if this starts appearing on websites? This could be a problem

(6 replies) #2 Posted by SVT on 11 Jan 2005 - 13:23: ...and the fanboys still cheer for WMA

(1 reply) #3 Posted by nookadum on 11 Jan 2005 - 14:06: WMP is NOT integrated into the system. You can remove it, but the process is a bit hard.

(2 replies) #4 Posted by unosys on 11 Jan 2005 - 14:33: This is it...Can someone please sue Microsoft

I am sick of these security bugs..If someone can provide me with some cash i will take microsoft to court with the best lawyers & i'e got all the time in the world.

#5 Posted by WindowsNT on 11 Jan 2005 - 14:50: well that's what you get for using P2P for one, dont download from an untrusted source.

I’ve been thinking about the DRM feature, it's not all Microsoft's fault.
the Licence page is usually an embeded webpage thus any malicious person can exploit it.

(1 reply) #6 Posted by unosys on 11 Jan 2005 - 14:56: Here r the goodies that you get.

"All told, the infection added 58 folders, 786 files and an incredible 11,915 registry entries to my test computer. Not one of these programs had showed me any license agreement, nor had I consented to their installation on my computer".

(1 reply) #7 Posted by jerzdawg on 11 Jan 2005 - 16:04: cant you disable the "auto get/download license" in WMP?

#8 Posted by plasticparadox on 11 Jan 2005 - 17:03: God, that's what you get for downloading WMV files. I've never had issues with MPEG2. It's not that hard, people.

(1 reply) #9 Posted by IGx89 on 11 Jan 2005 - 17:14: Isn't this much more of a problem with IE than WMP? If I'm reading right, the "infected" WMV just opens a webpage when you try to acquire a license, and then IE problems take over and facilitate the actual downloading of malicious programs.

#10 Posted by Tech001101 on 12 Jan 2005 - 00:24: I have seen this month's ago..

I went to view a video file on a website and it asked to download the DRM licence to view it. I did and a host of spyware installed with it.

*******s.

#11 Posted by Tech001101 on 12 Jan 2005 - 00:25: in fact i've seen some prompt to install an ActiveX module with the licence to view the video...

now that is ****e.

#12 Posted by MarkMS on 12 Jan 2005 - 01:15: now i shall rest
->

#13 Posted by Korben_Dallas on 12 Jan 2005 - 02:51: PC World Article (Last Month) was right - Overpeer working with MPAA and RIAA...

1st Wave?
The ads in Overpeer's disguised media files may annoy some users. But malicious agents such as hackers and thieves could exploit the DRM loophole to do far worse. Security experts fear that, for example, criminals could load their own modified media files with keystroke loggers or other software for taking over your PC, and thus steal your passwords or other sensitive information.

http://www.pcworld.com/news/article/0,aid,119016,00.asp

(1 reply) #14 Posted by shichiroji4 on 12 Jan 2005 - 03:14: What a joke!!!! They create more problems before even solving an exisitng one, it's quite beyond me why anyone would go for anything other than iTunes.

#15 Posted by Dinggus on 19 Jan 2005 - 21:22: ahhh, p2p users are already infected? how so? i use LimeWire..

and i dont like WMP, but it sucks for the users like my mom and step dad who dont know anything about a PC ;

[1]

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Scroll to the Top