




RIAA/MPAA Contractor Deploys Malicious Adware Trojans
RichardX writes "Overpeer, the organization responsible for seeding many peer to peer networks with damaged, corrupt and fake files has now found a way of hiding spyware and adware inside Windows Media files by using a DRM loophole and is using this technique to further pollute p2p networks." Several readers sent in a PCworld article on the same subject.
So how.. (Score:5, Interesting)
Re:So how.. (Score:5, Insightful)
Re:So how.. (Score:3, Interesting)
Re:So how.. (Score:5, Insightful)
And yet, checking the local theater listings....
Yeah, piracy is bad. Not BAD, in all caps. Not Bad, with a capital B. But bad. But what the RIAA and MPAA are doing here is worse. It's sleazy, underhanded crap, and if a private citizen did shit like this, the hammer of the judicial system would get dropped on them in a heartbeat.
Kierthos
Re:So how.. (Score:3, Insightful)
OR
Oh, I can't get a return... Well, I guess I'm not going to be investing and therefore not employing stuntmen or painters. Sorry, guys.
Now, do I personally believe that movies need to be made on the scale that they are these days? Fuck no. But it is true that fewer stuntmen will be employed if the pe
Re:So how.. (Score:3, Insightful)
Re:So how.. (Score:3, Informative)
Again, this debate is pretty academic because I completely agree that piracy is not hurting movie sales in either a significant or demonstrable way. Bu
Re:So how.. (Score:3, Insightful)
This is flawed logic. The MPAA has never been able to point to a script and say, "This movie wasn't made because we were afraid it would be pirated." This is all a smokescreen generated to push the idea that the studios live hand-to-mouth and that pirating really hurts them.
"The wealthy inv
Re:So how.. (Score:5, Informative)
(kind of offtopic)
I sure wish the petroleum industry was as concerned about the leaks in their distribution system as the content industry is about theirs.
Re:So how.. (Score:5, Insightful)
Re:So how.. (Score:3, Insightful)
It almost makes you wish they'd just put the actors to whine in front of the camera.. "I used to make millions, and now thanks to those evil pirates, I get paid less than the painter.. the fucking PAINTER!!"
Porch stereo (Score:5, Insightful)
So how about we set a stereo system out on the front porch and shoot the thief when he sets foot on our property? Like hell they're gonna steal my music!
When recording industries become vigilantes and the justice dept looks the other way, it certainly makes it acceptable for the rest of us. Road rage justice (I just DARE you to cut me off), merchants hanging shoplifters, etc. all is acceptable now. Even more interesting is that the punished party may not necessarily be the owner of the affected PC. Imagine Best Buy rent-a-cops torching your apartment building because they're getting even with you for shoplifting some CDs. So what if the building is owned by someone else? If the RIAA can torch anyone's PC if it has an infected file, it legitimizes any business coming after any property associated with any crime.
Quite a monster you've created, Justice.
Re:Porch stereo (Score:3, Insightful)
Ahh yes, here we go. Found a number of news [theregister.co.uk] articles, more on Google [google.com] but no resolution.
Re:So how.. (Score:5, Insightful)
Re:So how.. (Score:5, Insightful)
Re:So how.. (Score:3, Interesting)
Re:So how.. (Score:3, Insightful)
contactus [overpeer.com]
Re:So how.. (Score:5, Insightful)
I must admit I was tempted to install Kazaa and search for and download the file mentioned in PC World's article, just so I could tell my state attorney general they tried to hack my computer. I finally decided it wasn't worth the hassle and potential media attention though. :)
I should note that given their current actions I don't trust them so I used a disposable address from Spam Gourmet to send from and only signed my first name. Maybe I'm paranoid, but I figure any company who thinks it's OK to basically attack other people's computers in the name of stopping P2P just can't be trusted to know both my full name and state.
They're mis-using a DRM feature of WMA files... (Score:3, Interesting)
As for avoiding this- there's two answers...
1) Don't listen to their stuff in the FIRST place.
2) If you can't keep from doing that and insist on sharing the stuff, use MP3 or Ogg V
Re:So how.. (Score:3, Interesting)
Your analogy is flawed: the tag does not just make the suit you stole unwearable it also burns down your bedroom.
It certainly falls foul of a lot of anti-computer misuse legislation.
I Wonder... (Score:5, Insightful)
Re:I Wonder... (Score:3, Informative)
Of course the alternative is to not pirate WMA files.. mp3 works for me
Tom
Re:I Wonder... (Score:5, Interesting)
Re:I Wonder... (Score:5, Informative)
Re:I Wonder... (Score:5, Insightful)
This isn't entrapment or a sting. If a copyright holder or an agent acting on their behalf gets on to a peer to peer network and offers up copyrighted content and you download it, it's yours. Legally they can do nothing, they owned the rights to it and they offered it up and you took it. That's why ALL the RIAA suits against traders were against uploaders. If you disable uploading you'll kill the networks (you won't kill emule/bittorrent but you won't get much benefit from them either) but you'll be protected from suits. IANAL.
Anyway, I was saying, this isn't entrapment or a sting. What this is is a malicious attack on a user's machine. A rights holder is offering up a file that it owns the rights to and the user is taking them up on it; the fact that they don't know it's a rights holder is irrelevant. Then, included in this they are using exploits and loopholes to install unwanted software on a user's machine designed to hurt the user's experience with their computer. Spyware that doesn't tell the user it's being installed and give them a license agreement and the option to disagree and not install is illegal just like computer viruses are illegal, in fact there is no differentiating factor between this and a virus.
Re:I Wonder... (Score:4, Insightful)
Except in this case, the drug dealer is actually being paid by a corporation to distribute a substance that is normally just illegal but is now knowingly harmful (outside of the drug's regular effects). Isn't the corporation, who is sponsoring this harmful activity, legally culpable?
Pirated? (Score:4, Insightful)
Re:I Wonder... (Score:5, Insightful)
Neither the RIAA nor MPAA would release any file unless they had permission to do so. It wouldn't be "copyright infringement" if they are granted the right to give you a copy.
Re:I Wonder... (Score:3, Interesting)
Illegal? When large unsuable corps are involved? (Score:5, Interesting)
If this trojan is killed by an anti-virus program, is it securing your machine or committing an illegal act? I had this very discussion w/Sophos' techs. I had just cleaned the VX/2 trojan out of a computer - and it took HOURS of work to get it fully out of there. I sent a sample to Sophos and they told me that it was legal adware.
My question was obvious: What methods are allowable for adware, and how is that any different than a virus/trojan.
VX/2 was installed on one of my workstations here through a fault of the OS (unpatched at the time). It installed itself without permission. It left no way to uninstall it. It attempted to shut down Adaware and resisted any attempts to kill it.
So.... THIS ISN'T A VIRUS? Then what the hell is?
And so, overpeer's actions come as no big surprise to me. And I have no doubt that the anti-virus people will continue to turn a blind eye because of their FEAR of a lawsuit.
Damnit, don't we PAY THEM to protect us against this sort of thing?
Re:Illegal? When large unsuable corps are involved (Score:5, Insightful)
Re:Illegal? When large unsuable corps are involved (Score:3, Insightful)
If they were totally upfront about what their program did in every (reasonable) respect, and didn't pull any nasty stunts like not uninstalling properly, then they would have every right to be considered "legit adware".
BTW, being able to intimidate someone legally does not necessarily make something "legit".
Re:I Wonder... (Score:5, Interesting)
Re:I Wonder... (Score:5, Insightful)
Obvious objections, with answers:
1. "But that would be a death sentence for the company!" Yeah, and a prison sentence, of any length, is a death sentence for a lot of people -- getting stabbed in a fight, getting raped and infected with AIDS, etc. Doesn't stop us from sending people to prison, even those we know are likely to suffer such consequences.
2. "But what about all the workers who depend on the company for their paychecks? We shouldn't make them suffer!" We send people to prison who are the sole source of support for their families, and those families often suffer terribly. "Corporate imprisonment" would be harsh, deliberately so, and in the long run, the improvements in corporate behavior it would force would benefit everyone -- including workers, whose employers would be more likely to behave ethically if there were real consequences for not doing so.
Re:I Wonder... (Score:4, Insightful)
Also consider that for every law written, someone figures out how to get around it. In this case, companies could simply set up chains of companies ready to fly as soon as the Feds force a shutdown. They could even structure it so that assets are held by a separate company that is not legally tied to the "Evil, L.L.C.". As soon as "Evil, LLC" is shut down, "Evil2, L.L.C." starts up and assets are in the possession of the 3rd company ("Untouchable, Inc.") the entire time.
Re:I Wonder... (Score:3, Interesting)
Better idea: everyone on the board of directors, CEO, etc. goes to jail for five years. I mean, they ARE the decision makers for the corp. If the corp. committed a crime, they should be automatically? responsible. Has the added bonus of not hurting workers. But harder to implement (as in, when monkeys fly out of my rear end....)
Re:I Wonder... (Score:3, Insightful)
If you're in senior management and know your own ass may end up in jail for something illegal your company does, you're going to think a LOT harder about what you allow to happen and what you put
"THEIR" cracker, "OUR" copyrights guardian (Score:3, Insightful)
Aahhhhhhh (Score:5, Funny)
Re:Aahhhhhhh (Score:4, Funny)
We need to take advantage of this (Score:5, Funny)
If they can do it... (Score:5, Insightful)
Re:If they can do it... (Score:5, Insightful)
as a format. Windows Media Player? Stick a fork in it, it's done.
Re:If they can do it... (Score:5, Interesting)
Re:If they can do it... (Score:5, Insightful)
Bing! You nailed it right there. Microsoft made an obvious policy decision long ago to shift development focus from end users to corporations, hence the ease with which 'bad' corporate users abuse the OS at the end user's expense.
Re:If they can do it... (Score:5, Interesting)
I wonder.. (Score:5, Insightful)
wmf? Probably misguided on their part (Score:5, Insightful)
Proof (Score:4, Funny)
Comment removed (Score:5, Insightful)
Ah Microsoft (Score:5, Insightful)
DRM loophole... (Score:3, Informative)
PS: Stuff like this is why i stick to stream formats like MP3, with no extra bullshit.
Doesn't surprise me one little bit. (Score:5, Interesting)
record companies employ illegal tactics to enforce their view of the world, especially when they think they see recognizable dips in their revenue. Never mind that they're not actually losing money - the perception of loss is all it takes.
right now they're saying to themselves (as justification for illegal activities) "desperate times call for desperate measures".
These are not desperate times, and those are overly-desperate measures. They're weak, and owned by the music, not the other way 'round.
The problem (Score:5, Insightful)
However, at the same time, said people are admitting in court that they downloaded (or attempted to download) media for which they didn't hold the copyright.
One possible way around this is if someone already has purchased the CD/DVD and wanted to download a copy so they could archive the original (because they have CD/DVD hardware that couldn't rip the original to disk). Of course, this idea has not been tested in court, and would probably be a protracted and expensive battle to fight.
Re:The problem (Score:5, Informative)
You may not have "intended" to infringe on CMAIAA's work, but I forced you to, or rather the browser did.
Re:The problem (Score:3, Informative)
[sarcasm] OMG, we've just found a security bug in Firefox! [/sarcasm]
If the user was already using IE to view your web page, there is no need to use media player. Just put your exploit directly in your page.
Re:The problem (Score:4, Interesting)
Ah yes, but the RIAA is so nicely offering the music for download. They do hold the copyright, don't they? Perfectly legal. =)
Mod parent up (Score:4, Insightful)
Re:The problem (Score:3, Interesting)
A lot of novice users are finding it hard to get mp3 v
Can you prove I knew that? (Score:3, Interesting)
All they are admitting is that they downloaded a file and got malware installed by the RIAA. Perhaps they were not aware the music was copyrighted. There's plenty of bands I don't know about.
I can't tell by looking at a filename if I'm downloading a signed artist or a local group just trying to promote itself. And P2P isn't just used for copyright in
Re:The problem (Score:3, Insightful)
Something very similar to this has been tested in court. Several years ago, mp3.com had a service to let you download mp3s of albums you owned.. ie, you put your CD into the dr
So if a hacker sets a virus loose, it's bad... (Score:5, Insightful)
However, they do have all right to do this in some respects. They are putting up crap on a P2P network, just like any other idiot. Still, what gets to me is the system in general. When a lone hacker writes a virus, he gets jail time. When a corporation writes a virus...
But then, what should P2P users do? If they're so serious about P2P, they'll either take the risk or find a new way of sharing files that finds the trojans and whatnot.
Although really, I'm surprised the government isn't stepping in right abou... Wait, never mind.
This is great! (Score:5, Insightful)
BTW, I remembered the option for something like "automatically download rights management software" when installing Windows Media Player, what, 10 is it now? I hesitantly clicked yes. Now that I've done so, I can't find an option inside of the program to say no. Odd.
Re:This is great! (Score:3, Informative)
BTW, I remembered the option for something like "automatically download rights management software" when installing Windows Media Player, what, 10 is it now? I hesitantly clicked yes. Now that I've done so, I can't find an option inside of the program to say no. Odd.
Try Tools|Options|Privacy.
You should see a check box for "Acquire licenses automatically for protected content". Uncheck it, click OK and you should be golden.
Unchecking 'acquire license...' doesn't work! (Score:4, Informative)
I have encountered a few protected DRM files which didn't actually require any license - They just opened a webpage... And I have had this unchecked ever since I installed WMP.
However, as I don't use internet explorer, I make sure it is in 'offline mode' - This seems to stop all of this nonsense, as the internet explorer object is what WMP uses for DRM.
Proxies are another way to go about this...
In general, though, Microsoft doesn't really give you any options when a DRM'ed file is encountered - It calls the mother site no matter what options you check/uncheck in WMP itself.
Re:This is great! (Score:3)
(In XP) Control Panel -> Add/Remove Programs -> Set Program Access and Defaults -> Non-Microsoft.
And the reason that they cannot remove Internet Explorer is that it is tightly integrated into the OS and with Explorer.exe, which displays file management windows. It has been this way since Windows 98 or ME I believe.
Please do some research instead of assuming things.
**AA legislation and you (Score:3, Interesting)
If so, how long until that goes MIA?
So Scary! (Score:4, Insightful)
What many of you seem to fail to realize is that the purpose of this has nothing to do with actually damaging computers. Rather, what the recording industry is trying to do is stop people from using P2P. And they do this through fear. That's why they do the suing (your chances of getting sued are minimal, but plenty of people get scared and stop downloading). Now, plenty of morons (for who else would this tactic work on?) will hear that downloading music can give you viruses and adware - rumors will fly wildly.
At least, that's their hope. We'll see whether it works.
Not what you probably think (Score:5, Interesting)
Obviously no one with any know-how actually uses this format, but sometimes the file you want is in it, just be sure to play WMV/A files offline until you find a patch for Windows media player.
DRM & WM commands (Score:5, Informative)
Terrorism (Score:5, Insightful)
The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
How is what the **AA are doing (hacking into music downloaders' computers and installing malware to further their cause against piracy) any different?
If this is the way they think they must do business, let's give 'em h*ll!
Re:Terrorism (Score:4, Insightful)
The primary purpose of this move is not to hurt downloaders, as others have suggested. The intent is to further pollute the p2p networks and scare users away; if you might get something nasty installed on your computer by downloading music (most people wouldn't understand what could and could not infect their computer) then you might decide not to risk it at all, and just give up and become a good citizen. Yes, it's a fear tactic. In fact, they might be willing to be sued by the few people who actually get infected and complain, if it means they can scare away an order of magnitude more people from downloading anything. Most people won't get infected, and won't complain, and might also stop downloading. It's a calculated risk.
Re:Terrorism (Score:3)
First, installing adware hardly meets the definition of violence [reference.com].
Second, when playing the "terrorist card" as a tactic against some person or group, the 2 worst things you could do are to phrase it in the form of a question and invite rational thought/analysis.
Er, anyone have proof/confirmation? (Score:5, Insightful)
The one thing that I find strange about this story is that try as I may, I can't seem to find any information from the "usual" security sources about exactly how this works--as far as I can recall, bugtraq and full-disclosure haven't touched these. Moreover, the only articles about this are the p2pnet one and the PC World one--and the former appears to be derived from the latter.
Both articles are also oddly vague--"security experts" are mentioned, but no specific names dropped, and there are no technical details given at all.
Can anyone provide independent confirmation of this? In particular, if you have details of how one can embed executable code in a wma or provide a sample of such code, please send them my way via brendandg [at] colby.tjs.org
Dubious move...... (Score:4, Interesting)
How to disable (Score:5, Informative)
Misses the issue... (Score:3, Insightful)
The law doesn't apply to them (Score:5, Interesting)
"Tauzin, when he was chairman of the House Energy and Commerce Committee earlier this year, negotiated to take jobs with two major lobbying groups, the Motion Picture Association of America and the Pharmaceutical Research and Manufacturers of America; he just took the PhRMA job."
Source: www.msnbc.msn.com/id/6771489/
They're hiring former Congressmen and Committee chairmen. lol. They can buy their way to the kind of clout it will take to get their sweetheart legislation through our Congress, which is more than happy to sell the American public if the donations are high enough. Lobbyists are expecting to spend 2 billion dollars this year.
Don't complain, you elected them. And the first thing they do is loosen up the ethics rules so they can bone the taxpayer even more blatantly than they already are.
This is what the red state mentality considers good government. Chumps.
Re:The law doesn't apply to them (Score:3)
You can't duck responsibility anymore. Republicans are 100% responsible for the continuing corruption and the n
UK Computer Misuse Act. (Score:5, Informative)
"causes a computer to perform any function with intent to secure access to any program or data held in any computer"
Computer Misuse Act 1990 [hmso.gov.uk]
Depending on what the Company does with the data obtained they are likely also to be in breach of the Data Protection Act 1998 [hmso.gov.uk] which allows a £5,000 fine for each person offended against.
Similar legislation exists throughout Europe [eu.int] as part of the Information Society Policy Framework [eu.int] agreement.
Bah (Score:3, Funny)
seems the youthful art of vigorous protest has been replaced with typing crap on the internet. I blame video games and cheezits myself....
The goons have never given a rat's patootie about words, never. It's held up as the sacred thing, the right of speech, well yes and no, speech is only as good as the intentions acts and deeds that backup that speech. If all you have is speech, you've lost, might as well move on and accept defeat.
;)
Back in the day, we protested, both ways, uphill and downhill and it wasn't all via zap comix and underground newspapers, what passed for the internet you have now.
Bah, must be the additives in the junk food or something.
heh heh heh
A concerted effort to email all your files to them (Score:3, Interesting)
I would also like to see a concerted effort to identify the personal email accounts and personal websites to bombard them with several hundred GB of files per day.
Re:A concerted effort to email all your files to t (Score:3, Insightful)
That would be rude and might be called a DDoS attack. Double foofoo on you for even suggesting it.
What would not be rude is asking the MPAA/RIAA every time you want to make a backup. You are required according to the flyleaf to contact them to get written permission to copy it after all. Every time you download something you should ask them if
Dear MPAA: (Score:5, Insightful)
<sarcasm mode> </sarcasm mode>
As sad as it is, all that really happened...
You don't have to be even mildly coherent to understand why people are downloading/trading movies.
in the state of minnesota, this is a gross misdeme (Score:4, Interesting)
somebody should document their machine, and when they get hit by this kerrrrrrrrrap, file a case with the police, and drag the overpeer weasels into court.
it would be nice to see some RIAA execs sitting in the can for years and years because they play like russian script kiddies.
Comment removed (Score:3, Informative)
Ahh the 1st amendment. (Score:3, Insightful)
Re:Virus?? (Score:5, Interesting)
For example: My son watches a lot of Disney Channel, and on that channel there is an animated show called the Proud Family. On this show, about a year or so ago, there was an episode that involved the daughter of the family downloading music. It was 100% blatant propaganda, complete with the corner record store going out of business, and people there losing their jobs, because she downloaded music. It truly made me sick to my stomach that such ridiculous propaganda was being so shamelessly peddled directly to children.
The "average user," and especially the media, is already convinced that p2p is synonymous with illegal activity, so this is unlikely to raise much of an uproar outside of the geek and college student communities.
Re:Virus?? (Score:3, Interesting)
The one involving the market stall is a particular classic.
Someday they will show this film (Score:3, Funny)
Re:Virus?? (Score:5, Insightful)
The media may be convinced that p2p is synonymous with illegal activity, but they love scaring viewers by "exposing" crimes that may be happening in your neighborhood! Right next door!
However, the "average user" is much more concerned with their pocketbook than with nebulous notions such as "intellectual property" and "digital rights management". When I bring up the subject to family members, friends and students, their eyes just sort of glaze over. I honestly don't think the average person gives a shit about copyright. The only people who care are those who make money by creating copyrighted works, and those who market/produce/protect those works.
At the high school where I teach and do tech support, the first RIAA lawsuits a few years ago sent a number of students and teachers scurrying to me to see if they might be in trouble for downloading music. My two favorites were the stoner kid who didn't realize he was sharing 4000+ songs on Kazaa, and the evangelical principal who subscribed to Roadrunner for the sole purpose of downloading Christian music (illegally).
The RIAA/MPAA fight is not one that they can ultimately win, because the rules have changed with the ease of copying. They should really look to the model that Scott Kurtz of PVP [pvponline.com] and Epitonic [epitonic.com] - give the content away as a means of promotion, then make your money selling related items such as t-shirts, books, concerts, etc. Sure, books and videos can also be pirated, but until they're as easily accessible as music is via an iPod or something similar, there's still money to be made. Hell, most bands make their money on tour from t-shirt sales.
Anyway, don't think for a second that the "average user" thinks p2p is "wrong" - most users I've encountered are just annoyed that it isn't easier to find things.
Re:but the corner stores --are-- gone (Score:3, Insightful)
We had 3 local hardware stores in our area close in the past year. Who's pirating screwdrivers?
Independent businesses going up against big chains always run the risk of failure, especially when the chains they're up against step up their advertising as they have in the wake of the increase in piracy awareness (at least I think tha
Re:Virus?? (Score:5, Insightful)
Of course, if there is an easy way to get a product free, people are unlikely to demand it at any price other than free, and so the business will fail unless it can either stop the free distribution of its products, or start selling products that are more difficult to distribute for free.
Under these criteria, the model of selling content that is easily obtainable for free IS destined to fail, whether demand exists or not, since the demand exists at a price point (free) that is by definition unable to generate profits. This is why these organizations are so afraid of filesharing. They can't figure out a way to maintain their current business model, and they haven't figured out a viable alternative business model, in the presence of filesharing.
Re:Virus?? (Score:3, Insightful)
Except for one thing: File sharing does have a "cost." It may not cost anything monetary, but it costs quite a bit of time and effort to hunt down good quality files that are what they say they are. Not to mention then correcting any incorrect meta-data. Combined with bad/corrupted files, files that are mislabeled, disconnects, incomplete albums - file sharing has a cost in time and effort.
This is why Apple's iTunes Music Store is working as well as it is. It's an easy way to download good quality fi
Re:Stay away from WMA files (Score:3, Interesting)
I would bet they don't.
Re:Get legal and save yourself the trouble... (Score:3, Insightful)
Do you work for Microsoft, by chance? Perhaps the RIAA?
Re:Get legal and save yourself the trouble... (Score:3, Interesting)
(Score:2, Insightful)
Looks like more than just mpa files are becoming corrupted. Slashdot moderation is looking a little green around the gills too.
Wonder how long it would take a dedicated corporate group to work their way into the modding group to a point where they could actually begin to influence what shows up on /.?
/tinfoil hat
Re:If spyware/malware is illegal... (Score:3, Funny)
No, but three rights make a left. (Ducks)
Re:If spyware/malware is illegal... (Score:4, Funny)
"not if you're defending your..." (Score:3, Insightful)
This is like saying "Some people have burgled my house and escaped in a white car, so I'm gonna slash the tires of every white car I see."
IF those who deploy the software: >don't know that the person getting the trojan has broken the law (and there's no way they could know), and >don't know whether the person g