RIAA/MPAA Contractor Deploys Malicious Adware Trojans

RichardX writes "Overpeer, the organization responsible for seeding many peer to peer networks with damaged, corrupt and fake files has now found a way of hiding spyware and adware inside Windows Media files by using a DRM loophole and is using this technique to further pollute p2p networks." Several readers sent in a PCworld article on the same subject.

So how..

[kmak]

exactly are they getting away with this?

Doesn't surpise me one little bit.

[Naikrovek]

People and companies that see their lucrative source of income starting to dwindle get desperate. Desperate companies (SCO) and organizations (RIAA, MPAA) make drastic moves, and those drastic moves are always overhanded.

record companies employ illegal tactics to enforce their view of the world, expecially when they think they see recognizeable dips in their revenue. Nevermind that they're not actually losing money - the perception of loss is all it takes.

right now they're saying to themselves (as justification for illegal activities) "desperate times call for desperate measures".

These are not desperate times, and those are overly-desperate measures. They're weak, and owned by the music, not the other way 'round.

Re:I Wonder...

[BrynM]

Except to file complaint you have to admit you were trying to download a "pirated audio file".

Normally that would be entrapment, but they aren't a law enforcement agency (yet). Thus it doesn't count.

Re:Virus??

[eln]

I don't know, the MPAA and RIAA have done a pretty good job of convincing the public that pirating music and movies is basically the same as grand theft, and therefore perpetrators deserve everything they get. They have been remarkably devious in their propaganda.

For example: My son watches a lot of Disney Channel, and on that channel there is an animated show called the Proud Family. On this show, about a year or so ago, there was an episode that involved the daughter of the family downloading music. It was 100% blatant propaganda, complete with the corner record store going out of business, and people there losing their jobs, because she downloaded music. It truly made me sick to my stomach that such ridiculous propaganda was being so shamelessly peddled directly to children.

The "average user," and especially the media, is already convinced that p2p is synonymous with illegal activity, so this is unlikely to raise much of an uproar outside of the geek and college student communities.

Re:Stay away from WMA files

[macz]

Maybe it was a vector that targets only the clueless? I wonder if these infected files trigger when played by a complete, drop in replacement for M$ Media Player likeMedia Player Classic [sourceforge.net]

I would bet they don't.

Illegal? When large unsuable corps are involved?

[Chordonblue]

When is spyware a virus? Don't ask your average anti-virus vendor. When I tried to nail down Sophos on this issue they were evasive - to say the least.

If this trojan is killed by an anti-virus program, is it securing your machine or committing an illegal act? I had this very discussion w/Sophos' techs. I had just cleaned the VX/2 trojan out of a computer - and it took HOURS of work to get it fully out of there. I sent a sample to Sophos and they told me that it was legal adware.

My question was obvious: What methods are allowable for adware, and how is that any different than a virus/trojan.

VX/2 was installed on one of my workstations here through a fault of the OS (unpatched at the time). It installed itself without permission. It left no way to uninstall it. It attempted to shut down Adaware and resisted any attempts to kill it.

So.... THIS ISN'T A VIRUS? Then what the hell is?

And so, overpeer's actions come as no big surprise to me. And I have no doubt that the anti-virus people will continue to turn a blind eye because of their FEAR of a lawsuit.

Damnit, don't we PAY THEM to protect us against this sort of thing?

Re:Virus??

[neil.pearce]

Heh, reminds me of the anti-piracy adverts [excellentcontent.com] run by the Federation Against Copyright Theft in UK computer magazines during the 80's.
The one involving the market stall is a particular classic.

Re:The problem

[Nicholas Evans]

However, at the same time, said people are admitting in court that they downloaded (or attempted to download) media for which they didn't hold the copyright.

Ah yes, but the RIAA is so nicely offering the music for download. They do hold the copyright, don't they? Perfectly legal. =)

Re:If they can do it...

[BrynM]

Law of unintended consequences

I think it's ironic that MS originally put these capabilities in so the media companies could provide "richer" and more "interactive" content. The media companies pretty much ignored the capabilities until they found a way to use it as a cludgel. That's like showing someone a car and before realizing they can use it for transportation, they think of it as a battering ram.

**AA legislation and you

[shoptroll]

Hmmm... Isn't there supposed to be some anti-Spyware/Ad-ware legislation in the works?

If so, how long until that goes MIA?

Re:I Wonder...

[Anonymous Coward]

In the UK what they are doing is illegal under the Computer Misuse Act. Basically if you happen to get attacked by this by them, report them to the police and press charges. This is a criminal offence and would net them a 5k fine and 5 years in jail when convicted...

Not what you probably think

[t_allardyce]

This is pretty old and not a 'binary-payload' issue with WMA files, more of a good old IE flaw. Windows media format has the ability to launch a web-page from a media file (i think it actually forces IE, not your default browser which is a violation of the anti-trust crap). Obviously this is just an instruction in the file and a patch could pretty easily turn it off, once the page is opened (in our favourite browser) the skys the limit. You could also disable this by filtering all windows media files through some program that took out the call, if anyone knows of the program or file format that would be cool?

Obviously no one with any know-how actually uses this format, but sometimes the file you want is in it, just be sure to play WMV/A files offline until you find a patch for Windows media player.

ROFL

[Anonymous Coward]

Isn't that blatently illegal?

You mean like...piracy?

I love that people question the morality of the RIAA's actions yet don't turn that moral eye towards...the pirates they're going after! Weird, huh? How one thing gets a complete pass, but when the copyright holders try to protect themselves, suddenly they're bad guys. That's because this website has become a pirate haven.

Re:So how..

[JPriest]

Actually I quit feeling sorry for them while I was at the movies. After the 25th or 30th time paying money to hear the painter and the stuntman complain about how piracy hurts them the message was pretty much lost on me.

Re:The problem

[telemonster]

So if someone wants to make money for nothing (heh), go grab your CD collection and start looking for windows media versions of songs you own on Kazaa. If the download speed is really fast, you know you probably have a trojaned file. Install it, claim your losses, extort tons of money from the company. If someone has cheap access to a lawyer, you could potentially make a good amount of money off of the company. The key is finding a way to claim losses.

Alot of novice users are finding it hard to get mp3 versions of songs they own onto portable mp3 devices. A subnotebook computer without a CD-ROM drive but with USB could be the perfect platform.

Re:So how..

[HiThere]

No... but there *will* be major problems. We can't fix them now, because we don't know what they will be. We do know that they'll probably be either trojans or worms ... or something we haven't thought of. (E.g., perhaps an invisible process could be started automatically at logon time and act as a zombie, siphoning off resources for use by someone else.)

Re:So how..

[Anonymous Coward]

this seems like a direct violation of the DMCA
which "amends U.S. copyright law to (1) provide legal protection for, and remedies to prevent thec ircumvention of, technological protection measures and copyright management information" am i wrong here ?

Re:This is great!

[Anonymous Coward]

Well, this can be good and bad as far as the DRM thing is concerned.

If enough people become aware of this, then DRM will be lumped in the same mental category as adware and spyware. Very nice for everyone who hates DRM.

OTOH, this is meant for the mre casual windows users who won't know what caused their problems. This is realistically meant to make the computers of people who download music to work poorly. It's just messing with them. Then again, adware/spyware guys targeted the same semi-computer literates and failed to keep the stuff secret. A lot of people now know why ads keep magically popping up on their computer.

Bottom line: Hopefully these guys will become as well known for exploiting DRM as the adware/spyware people are now. As normal people start associating DRM == adware or spyware they will not be as likely to buy products 'featuring' DRM.

Can you prove I knew that?

[SeaFox]

However, at the same time, said people are admitting in court that they downloaded (or attempted to download) media for which they didn't hold the copyright.

All they are admitting is that they downloaded a file and got malware installed by the RIAA. Perhaps they were not aware the music was copyrighted. There's plenty of bands I don't know about.

I can't tell by looking at a filename if I'm downloading a signed artist or a local group just trying to promote itself. And P2P isn't just used for copyright infringement, so the fact I used Kazaa to get the file doesn't implicate me.

Even the fact it's a nationally recognized band doesn't prove anything. I have an mp3 file of U2's "Beautiful Day". It is NOT stolen. It was downloaded from Interscope's website back when they were promoting All You Can't Leave Behind.

But the record industry can't deny they're ruining people's computers with their files. Is a single download mistake justify a computer being wrecked and the user perhaps loosing data?

Also, given that Microsoft's loophole is making all this possible, and the RIAA is exploiting that loophole. Since it is now a recognised error M$ either will have to fix it (putting an end to the music industry's little scheme) or they could be named as co defendants in any lawsuit that might arise from this (but then, IANAL, and there is that pesky EULA with 'at your own risk' clauses).

Dubious move......

[Fantasio]

This will more likely kill the WMA format than P2P networks. If I were Bill Gates, I'd sue the RIAA, the MPAA and their hired guns.

Re:So how..

[CountBrass]

Your analogy is flawed: the tag does not just make the suit you stole unwearable it also burns down your bedroom.

It certainly falls flow of a lot of anti-computer misuse legislation.

Re:If they can do it...

[xigxag]

Actually, WMP10 is fairly easy to configure to prevent this from happening. Turn off all the automatic crap in Privacy and Security and you're done.

The law doesn't apply to them

[HangingChad]

Why on earth would the MPAA care about sabotaging some little scrunts computer? Look who they're trying to hire as a lobbyist:

"Tauzin, when he was chairman of the House Energy and Commerce Committee earlier this year, negotiated to take jobs with two major lobbying groups, the Motion Picture Association of America and the Pharmaceutical Research and Manufacturers of America; he just took the PhRMA job."
Source: www.msnbc.msn.com/id/6771489/

They're hiring former Congressmen and Committee chairman. lol. They can buy their way to the kind of clout it will take to get their sweetheart legislation through our Congress, which is more than happy to sell the America public if the donations are high enough. Lobbyists are expecting to spend 2 billion dollars this year.

Don't complain, you elected them. And the first thing they do is loosen up the ethics rules so they can bone the taxpayer even more blatantly than they already are.

This is what the red state mentality considers good government. Chumps.

Re:Virus??

[LabRat]

While I hardly approve of the measures that the **AA's are using to enforce their business model, I think that you are not quite grasping the concept of what is illegal and what is not. The television show you mention clearly was demonstrating an illegal activity. Just because you don't agree with a company's business practice, you don't have the right to steal from them. So, if you think Walmart is the evil anti-christ of retail...are you going to teach your son to shoplift from there? That's what your comment implies. Yes, the RIAA and MPAA are acting in the interests of the record labels and movie studios at the expense of just about everyone else (including the artists). However, anyone who is blatantly stealing intellectual property, through any mechanism, deserves to be prosecuted and punished to the full extent of the law. Don't like it? Work to get the law changed, or move to another country. The only reason that p2p is synonymous with illegal activity is that unfortunately the vast majority of its use is in fact illegal. That's not propaganda..that's realism. And it's people like you who help to perpetuate this, and screw over the rest of us who use BitTorrent for distributing Linux kernels and the like.

As long as you advocate turning a blind eye to blatant theft, please park your high horse at some other address that doesn't respect IP. You are not part of the solution...you are part of the problem.

Re:So how..

[aichpvee]

Only that doesn't mean shit, since movie revenues are at an all-time high. So there should actually be MORE stuntmen and painters being hired... or at least painters. Stuntmen are probably losing work to their friendly neighbourhood CGI doubles.

A concerted effort to email all your files to them

[gelfling]

It's time for a concerted effort to mass mail our files back to them. I thing 200GB per day for the next three years to the MPAA/RIAA and overpeer members and any and all named individuals in those organizations would be the minimum.

I would also like to see a concerted effort to indentify the personal email accounts and personal websites to bombard them with several hundred GB of files per day.

Re:I Wonder...

[I(rispee_I(reme]

The problem is that if they rename the wma files to mp3, and WMP is set to open mp3's, they get the same effect, without the tell-tale extension.

Re:Get legal and save yourself the trouble...

[DoraLives]

Get legal and save yourself the trouble...

(Score:2, Insightful)

Looks like more than just mpa files are becoming corrupted. Slashdot moderation is looking a little green around the gills too.

Wonder how long it would take a dedicated corporate group to work their way into the modding group to a point where they could actually begin to influence what shows up on /.?

/tinfoil hat

Re:So how..

[Anonymous Coward]

That's precisely why I thought this might be a good thing. I always cringe when I see a wma or wmv file. I simply won't download or share wma files what-so-ever. I do look at wmv sometimes because some of the funny-video-on-the-web stuff is in that format.

Kind of scary that your music and movies you may download are potential exploits and security problem for your system. I'd say that's enough of a reason to avoid the Microsoft formats like the plague. But even more pertinent I suppose is to ask if other formats can be exploited in a similar way? Is it possible to break a linux system through the mplayer plugin for example?

Karma

[mohrt]

Looks like its time to build a karma system into these P2P networks?

in the state of minnesota, this is a gross misdeme

[swschrad]

misdemeanor, punishable for up to $5000 and up to 90 days in the clink for every instance of deliberate malware causing loss or damage to a computer.

somebody should document their machine, and when they get hit by this kerrrrrrrrrap, file a case with the police, and drag the overpeer weasels into court.

it would be nice to see some RIAA execs sitting in the can for years and years because they play like russian script kiddies.

They're mis-using a DRM feature of WMA files...

[Svartalf]

And as far as the legalities go, your guess is as good as mine. First off, I Am Not A Lawyer... My take is that they're commiting the same crimes that any other AdWare/SpyWare/Virii/Worm writer is guilty of and therefore has unclean hands with regards to ANY act of enforcement of the IP rights of the labels that use this bunch.

As for avoiding this- there's two answers...

1) Don't listen to their stuff in the FIRST place.
2) If you can't keep from doing that and insist on sharing the stuff, use MP3 or Ogg Vorbis, not WMA. I don't care how much "better" it sounds, like all things Microsoft, there's some nasty catch waiting for you in the end.

Microsoft/ RIAA agreement?

[indianropeburn]

Besides this disgustingly hackneyed attempt at 'securing' musician's rights, could this be part of an agreement between MS and the RIAA? With the plans for Microsoft to be releasing an online music store all of its own (much like iTunes), this could be part of their agreement with the RIAA in order to please the corporation? This is obviously a stretch, but Apple worked at pleasing the RIAA by not allowing music to be copied off the iPod. Maybe Microsoft is trying to please the RIAA by allowing them to take advantage of their DRM and use it to 'protect' their labels. The comment from Microsoft certainly seemed complacent enough that they didn't really care about this much.

Re:I Wonder...

[winwar]

"If a corporation commits an act that would net an individual five years in prison, then that corporation has to shut down for five years."

Better idea: everyone on the board of directors, CEO, etc. goes to jail for five years. I mean, they ARE the decision makers for the corp. If the corp. committed a crime, they should be automatically? responsible. Has the added bonus of not hurting workers. But harder to implement (as in, when monkeys fly out of my rear end....)

Re:Get legal and save yourself the trouble...

[AC5398]

"Get legal by avoiding the P2P clients"

What on earth makes you think that avoiding P2P clients stops you from being vulnerable to trojan wma/wmv files?

TVstationxyorzy.com gets hacked. Their promo wmv file(s) is(are) replaced by wmvs with a trojan payload. Suddenly, downloading what you thought was a safe file, isn't. And your pc is now on the zombie network.

So now, wmv/wma files are on my 'Must Avoid' list, along with DRM'd MP3 files (the only mp3 files my Sony player won't play are the ones I purchased from a legal-download provider), and anything Real. So are Windows updates. And the entertainment industry has bitten yet another hand that feeds it.