Spyware can hide inside Microsoft DRM content

Jung

#1
p2pnet.net News:- It’s a given that the RIAA and MPAA, wholly owned by the record label cartel and movie studios, or contractors such as Overpeer, will leave no dirty trick unturned in their futile war against p2p and file sharers.

Now, they’re using files that look like regular songs or short videos in the Windows Media format to launch pop-up ads and install adware, says PC World.

That’s because a Windows Media DRM “loophole” allows companies to create ersatz media files and link them to adware.

The ads could also be used by hackers and thieves, PC World points out, continuing, “Security experts fear that, for example, criminals could load their own modified media files with keystroke loggers or other software for taking over your PC, and thus steal your passwords or other sensitive information.”

And David Caulton, group product manager for Microsoft Windows digital media division, is quoted as saying, "It's possible that someone could modify [an existing audio] file after it's created to point back to their http server."

PC World says a reader alerted it to an ad-laden Windows Media Audio file, titled ‘Alicia Keys Fallin' Songs In A Minor 4.wma’.

"We then found two other WMA files and two Windows Media Video files that had been similarly modified," it says, going on that it figured out that each media file loaded a page served by Overpeer and that each of those pages led to the creation of several Internet Explorer windows, "each containing a different ad or adware".

Ahhhh. Overpeer.

Owned by Loudeye, it’s one of the entertainment industry’s favourite, and most obnoxious, anti-p2p contractors. And it's currently earning mega bucks loading thousands of fake files onto p2p networks in the hope of stopping file sharing.

Marc Morgenstern, Loudeye vp and general manager of digital media asset protection, characterized Overpeer's actions as, “just deserts for people who illegally trade copyrighted works for free,” says PC World.

We wonder how the companies who pay for the 'sales aids' feel about the fact Morgenstern apparently considers the ads to be so unpleasant that they make good weapons.

PC World says it contacted Microsoft and the seven ad-serving companies whose ads popped up and, "We're looking into exactly what's going on with this file and checking to see if this particular model is in keeping with the licensing terms for Windows Media [Digital Rights Management]," Caulton says in the story.

"We wouldn't want to endorse anything that involved delivery of content that appears to be one thing, and then something else is delivered."

Only one of the advertising firms, Kanoodle, responded to PC World inquiries, saying it stringently vets prospective partners. Its president, Lance Podell, emailed PC World, "As in this case, upon detecting or discovering any prohibited distribution activity, we eliminate it immediately."
Article
Slashdot Article
Source PC World Article

This seems like rather a major security flaw. This means that not only images, but audio and video files can now potentially give you viruses. Way to go, Microsoft. :rolleyes:



On a somewhat related note:
What is the plural of 'virus'?
 

I Hate The FCC

#2
Goddamned Spyware. Why can't people stop being assholes and quit with the spam and viruses?
 

Fire_ze_Missles

#3
I hate the FCC said:
Goddamned Spyware. Why can't people stop being assholes and quit with the spam and viruses?
Because people can do it.
 

Jung

#4
I hate the FCC said:
Goddamned Spyware. Why can't people stop being assholes and quit with the spam and viruses?
Because people feel the need to force their shitty products on others, since they can't get by with normal advertising. Also, like FireZe said, because they can.

The question should be, why can't users drop IE and take the proper precautions to prevent these infections? Furthermore, why can't MAJOR software vendors, such as Microsoft, be more active in preventing such things from affecting their products?
 

Descent

#5
Microsoft doesn't care...none of these companies do.

Technically, couldn't someone sue LoudEye for e-vandalism?
 

Jung

#6
Descent said:
Microsoft doesn't care...none of these companies do.
Microsoft did purchase a large anti-spyware company recently. I think I posted about it here.

What they plan on doing with it is still left to be seen though. Imo, it's already too late though. I also have to wonder if they're going to offer an integrated system, or just license someone else's product for sale under their name.