Become a fan of Slashdot on Facebook


Forgot your password?
The Internet Media Movies Security Your Rights Online

RIAA/MPAA Contractor Deploys Malicious Adware Trojans 883

RichardX writes "Overpeer, the organization responsible for seeding many peer to peer networks with damaged, corrupt and fake files has now found a way of hiding spyware and adware inside Windows Media files by using a DRM loophole and is using this technique to further pollute p2p networks." Several readers sent in a PCworld article on the same subject.
This discussion has been archived. No new comments can be posted.

RIAA/MPAA Contractor Deploys Malicious Adware Trojans

Comments Filter:
  • Re:I Wonder... (Score:3, Informative)

    by tomstdenis ( 446163 ) < minus punct> on Friday December 31, 2004 @04:03PM (#11229554) Homepage
    Yes, it is. Except to file complaint you have to admit you were trying to download a "pirated audio file".

    Of course the alternative is to not pirate WMA files.. mp3 works for me ;-)

  • DRM loophole... (Score:3, Informative)

    by Lisandro ( 799651 ) on Friday December 31, 2004 @04:06PM (#11229591)
    It would be pretty funny seeing someone suing the MPAA for infecting their computers. After all, there're laws for that matter.

    PS: Stuff like this is why i stick to stream formats like MP3, with no extra bullshit.
  • Re:The problem (Score:5, Informative)

    by wolf- ( 54587 ) on Friday December 31, 2004 @04:15PM (#11229664) Homepage
    Except, that I can create a webpage with the media player embedded in it. An IE user visits, downloads the media automagically and is infected.

    You may not have "intended" to infringe on CMAIAA's work, but I forced you to, or rather the browser did.

  • Re:I Wonder... (Score:5, Informative)

    by Richard_at_work ( 517087 ) <> on Friday December 31, 2004 @04:20PM (#11229703)
    No, entrapment is enticing you into doing something you wouldnt have done without being asked. This is a sting, which the police use frequently to catch drug pushers. Basically the difference is how you received the goods, you have to make the concious decision to download that specific file, rahter than them pushing it at you. Since this file will be in amongst normal files, its a sting. If this was the only file, then it would still be a sting. If they approached you and offered you the file, its entrapment. Since you are requesting the file, its not entrapment. This is why police officers have to wait to be approached to either be sold drugs or to sell drugs (depending on if they are after the pusher or user), they cannot approach the suspect and request it. Same with prostitution, they have to play word games with the prostitute to get her to offer him services without him asking for it.
  • Re:The problem (Score:1, Informative)

    by Anonymous Coward on Friday December 31, 2004 @04:48PM (#11229922)
    "However, at the same time, said people are admitting in court that they downloaded (or attempted to download) media for which they didn't hold the copyright."

    Not a problem at all. Really. All you need is a Canadian citizen to download one of these puppies and bring suit in a Canadian court. Since legal precedent in Canada says that you are allowed to download media for which you do not hold the copyright for personal use, the person bringing the suit did not take any illegal action and thus does not have to worry about any potential legal consequences of "admitting he downloads music."

    Problem solved. RIAA fscked.

    PLEASE let this happen sooner rather than later. If I were Canadian, I would be firing up KaZaa specifically for the purpose of downloading the song "Alicia Keys Fallin' Songs In A Minor 4.wma" so I could march right into court and sue their @$$es... since Overpeer themselves admitted in the linked interview that they are the source of these files (admission of guilt), proof of who did it should be a slam dunk.

    For the love of mud, some Canadian slashdotter please do this and end the insanity.

  • READ THE ARTICLE (Score:0, Informative)

    by Anonymous Coward on Friday December 31, 2004 @05:00PM (#11230023)
    A quick read says that the files open web pages where the person can click and install spyware....

    It is not auto installing anything.....
  • by Anonymous Coward on Friday December 31, 2004 @05:11PM (#11230106)
    Actually, in my experience it doesn't work as intended.

    I have encountered a few protected DRM files which didn't actually required any license - They just opened a webpage... And I have had this unchecked ever since I installed WMP.

    However, as I don't use internet explorer, I make sure it is in 'offline mode' - This seems to stop all of this nonsense, as the internet explorer object is what WMP uses for DRM.

    Proxies are another way to go about this...

    In general, though, Microsoft doesn't really give you any options when a DRM'ed file is encountered - It calls the mother site no matter what options you check/uncheck in WMP itself.
  • Re:The problem (Score:3, Informative)

    by hobo2k ( 626482 ) on Friday December 31, 2004 @05:14PM (#11230131) Journal
    In fact, it doesn't even have to be an IE user. Firefox also allows embedding of media player 9. Media player will then use IE to display the "license acquisition url", which then allows the infection.

    [sarcasm] OMG, we've just found a security bug in Firefox! [/sarcasm]

    If the user was already using IE to view your web page, there is no need to use media player. Just put your exploit directly in your page.

  • How to disable (Score:5, Informative)

    by Hoch ( 603322 ) <{moc.oohay} {ta} {hcehhcoh}> on Friday December 31, 2004 @05:18PM (#11230164)
    If this is scripting, which it sounds like, it can easily be disabled. Disable Windows media scripting []. This will disable videos from opening webpages and such. Nice. The article is vague, but this is what it sounds like. The webpages, would then load spyware through normal ie holes.
  • DRM & WM commands (Score:5, Informative)

    by ermon ( 845186 ) on Friday December 31, 2004 @05:25PM (#11230219) Homepage
    WindowsMedia files have a command stream as well as audio and video streams. This command stream can do all sorts of bad things (such as open web pages) at specific points in the timeline. You can easily remove it using various windows media editing tools (and by creating a directx graph that doesn't use the connect stream). However, there are two points to remember here: 1) You can't edit a DRM-protected WM file, and therefore can't delete the stream (I think it is still possible to play it w/o the command stream, tho) 2) What seems to be going on here (according to the article) is that the DRM mechanism itself is used for the pop-ups, rather than the command stream. The way the DRM in WM acquires a license is by connecting to a licensing site and basically executing a URL - This is where the pop-ups/Xware come from, not the command stream. It is interesting to note that while WMP has an option to turn off 'automatic acquisition of licenses', in my experience that option does not prevent WMP from accessing license acquisition URLs. The only ways I found to stop WMP from doing that was to put IE in 'offline mode' and/or block the DRM URLs on a proxy server.
  • by Martin Spamer ( 244245 ) on Friday December 31, 2004 @05:31PM (#11230252) Homepage Journal
    This like all Malware is a very clearly against the law in the UK and most of Europe. The UK Computer Misuse Act makes it a criminal offense for a person to

    "causes a computer to perform any function with intent to secure access to any program or data held in any computer"
    Computer Misuse Act 1990 []

    Depending on what the Company does with the data obtained they are likely also be in breach of the Data Protection Act 1998 [] which allows a £5,000 fine for each person offended against.

    Similar legislation exists throughout Europe [] as part of the Information Society Policy Framework [] agreement.

  • Re:This is great! (Score:3, Informative)

    by FirstTimeCaller ( 521493 ) on Friday December 31, 2004 @05:43PM (#11230318)

    BTW, I remembered the option for something like "automatically download rights management software" when installating Windows Media Player, what, 10 is it now? I hesitantly clicked yes. Now that I've done so, I can't find an option inside of the program to say no. Odd.

    Try Tools|Options|Privacy.

    You should see a check box for "Acquire licenses automatically for protected comment". Uncheck it, click OK and you should be golden.

  • Pro-business myth (Score:2, Informative)

    by Anonymous Coward on Friday December 31, 2004 @06:08PM (#11230468)
    Generally the Republican party is very pro business.

    This is a myth that does not hold up under scrutiny, yet some slashdotters continue to propegate it. Consider:

    1. Generally the Fortune 500 is very balanced in donations to political parties.

    2. The recording and film industry is exceptionally pro-Democratic (in donations and political support).

    3. The richest businessmen in the US are strongly affiliated with the Democratic party, not the Republican party. Microsoft founder and chairman Bill Gates (who was called this week by former President Clinton in order to donate money per the tsunami disaster and embarress the Bush administration) has a growing relationship with predominant Democrats. Warren Buffet, chairman of Berkshire Hathaway, is a long-time established Democrat with great distain for Republicans and their pro-small business tax policy.

    4. The Digital Millenium Copyright Act (DMCA) was supported by and signed into law by President Clinton. It was also sponsored by Republicans Boucher (VA), Doolittle (CA) and Barton (TX) and had very strong bipartison support.

    5. Unions are businesses that are overwhelmingly pro-Democrat. Many industries lean overwhelmingly one way or the other due to lobbying efforts and recognition/support by the parties. So are powerful lobbying efforts such as the NRA, AARP, etc. In fact, about the only industries that are consistently pro-Republican and do not scatter donations to both parties are those that have been the target of Democratic looting (e.g. the fleecing of the healthcare industry by trial attorneys).

    7. Nearly all trial attorneys, owners of much of the wealth in th US, are exclusively Democrats and have significant distain for the little guy. Think about all the class action settlements you've witnessed discussed on slashdot. While the trial attorneys receive tens of millions of dollars *each* in compensation (up to several billion dollars each as was experienced in tobacco class action settlements), the most the "little guy" consumer receives is a coupon for a discount off another purchase, or a few dollars with proof of purchase, etc. A recent Alltel class action settlement resulted in millions in cash being paid to the attorneys, while affected Alltel customers were provided with a $50 coupon off the purchase of a new Alltel phone (at list price, with an extension of their service contract for another service term). One was better off getting a regularly discounted phone at the electronics store rather than the settlement coupon offer.

    8. Enron was greasing both parties (although the mainstream media portrays it as a "Republican scandel", prominant Democrats including Sen. Kerry were very closely affiliated with Enron). So was Worldcom, Global Crossing, etc. Marc Rich of Oil for Food scandel fame received a critically timed pardon from Pres. Clinton minutes before Clinton left office, freeing Rich from almost certain capture by Interpol authorities. Chinese businesses are notorious doners to the DNC and congressional Democrats.

    Why does the "Republicans are pro-big business" myth continue to propegate? Primarily because it is effective in rallying members of large labor unions against the Republican party (by presenting a fictional advisary for them to hate in traditional Orwellian "5 minutes of hate" fashion). Those that actually believe the myth are referred to as useful fools by both parties. The reality is that businesses donate to whoever is effective in pursuing their objectives.

    If you'd like to learn more about this myth, check out [] which details donations by various demographics.
  • Re:So how.. (Score:5, Informative)

    by iminplaya ( 723125 ) on Friday December 31, 2004 @06:46PM (#11230681) Journal
    This whole piracy thing is so silly. It's wierder than "terrorist". Both terms depend on who they are working for. If they're working for the "competition"(so to speak), they're pirates and terrorists. If they're on "our" side, they're distributors and freedom fighters. Do you know who will be the first to go out of business when P2P really takes off? The pirates. The guys out there selling millions of bootlegs. Most pirates usually sell the top 40, RIAA stuff, so they also "controlled" who was distributed, but they are the most expendable. Hell, they're off the books, so who's gonna care? Most people understand that P2P will increase record sales and concert attendance manyfold. This isn't just about money. Control plays a bigger role here. Just like both sides use terrorists in a war, both sides use pirates to distribute their wares. It seems to be mutually parasitic. What I'm trying to say here is that piracy is a diversion, a smokescreen used by those who want to control distribution of information(text, audio, video). It's little different from those who use terrorism to create unjust laws.

    (kind of offtopic)
    I sure wish the ptroleum industry was as concerned about the leaks in their distribution system as the content industry is about theirs.
  • by hairyfeet ( 841228 ) <bassbeast1968 AT gmail DOT com> on Friday December 31, 2004 @07:40PM (#11230941) Journal
    This is NOT a problem.There is a tool out there that can disable wmp scripting ability. ngfix [] I got it to get rid of those annoying pr0n scripts and have NEVER had a problem with pop-ups on wmp since.And it's free!!
  • Re:So how.. (Score:3, Informative)

    by tekunokurato ( 531385 ) <> on Friday December 31, 2004 @09:49PM (#11231553) Homepage
    Well, you can look at who the production companies are. Universal, Disney, Warner; they all have other projects they can engage in, and if not they may choose to pay a higher dividend. The argument might be pushed as far as saying that the resources they have devoted to the fight against piracy would otherwise have gone to making movies and employing people.

    Again, this debate is pretty academic because I completely agree that piracy is not hurting movie sales in either a significant or demonstrable way. But everyone should know that if they're in a business where stealing is a legitimate and/or uncombatable threat, then investment will certainly dwindle and flow to other, likely profitable places.

Have you ever noticed that the people who are always trying to tell you `there's a time for work and a time for play' never find the time for play?