Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Microsoft

Crackers Tune In to Windows Media Player 367

Posted by CmdrTaco from the hate-when-that-happens dept.
jamshedji writes "Crackers are using the newest DRM technology in Microsoft's Windows Media Player to install spyware, adware, dialers and computer viruses on unsuspecting PC users."
This discussion has been archived. No new comments can be posted.

Crackers Tune In to Windows Media Player More

Crackers Tune In to Windows Media Player

Comments Filter:

  • It's like sun on your wedding day? (Score:5, Insightful)

    by garcia ( 6573 ) * on Tuesday January 11, 2005 @01:01PM (#11322128)
    "It's pretty ingenious," said Patrick Hinojasa, chief technical officer at Panda Software. "To take an anti-piracy feature and use it to feed spyware is extremely ironic."

    Not quite ingenious but certainly not ironic. Perhaps if they were loading copyrighted materials such as movies and music onto your machine while you were attempting to download the license for DRM *then* it would be ironic.

    The sad thing is that 99% of Windows users are likely telling WMP to install these licenses automatically when they try to play a media file. It's the "popup addiction" at work. People can't stand popups and anything to get them out of the way for good is they way they want to go.

    This is going to become yet another excuse for trusted computing and single codec repositories. "Look! You are being infected by those bad sites on the Internet! Want protection? Use trusted computing and you'll never have a problem again! Just sign here, here and here. Pay here and connect here. Ahh, isn't that better?"
    • I can't remember WMP ever asking me for a license before. Maybe I'm just not using the right features, but it plays just about any media file I throw at it without any bitching(codecs being installed). Something like this could REALLY wreck hell if it was written to work with iTunes. A good number of those people buy their music from the service.

      • Re:It's like sun on your wedding day? (Score:5, Interesting)

        by UWC ( 664779 ) on Tuesday January 11, 2005 @01:20PM (#11322437)
        All WMP versions that I've encountered through the current one have given a choice on whether to enable DRM at install. I've never tried installing with DRM enabled, so I don't know if it would request DRM on all files, or just makes sure to verify DRM on protected files, but with DRM turned off, I've not had a problem with playback of other files or portability of WMP-created media (e.g. CDs I've ripped to WMA. Yeah, I know, I should have used MP3 or Ogg, but CDex wasn't working for me at the time, and I was lazy; I've since rectified the transgressions).

        I wonder how long until you're no longer given the choice to opt out of DRM at install, though.

    • ..to install spyware, adware, dialers and computer viruses on unsuspecting PC users. I think I'd be unsuspecting too if some program tried to install a virus on me.

    • True, but sad. (Score:5, Insightful)

      by Penguinoflight ( 517245 ) on Tuesday January 11, 2005 @01:17PM (#11322398) Journal
      I agree with your trusted computing satement, if Microsoft does acknowlege this incident there will only be more problems. Microsoft has been doing this kind of thing for years, so I dont expect their announcements to suddenly be more honest. I'd be even more surprised if the mass media found the real story instead of propogating microsoft garbage speak. Microsoft has been loosing credibility for several years now, in the future I look for "non-trusted computing" to be EASIER, and more trusted. When consumers see a open market that meets these requirements (and it's already impressive), they'll seriously consider a new platform.

    • Trusted Computing Will Make It Worse (Score:5, Insightful)

      by ftzdomino ( 555670 ) on Tuesday January 11, 2005 @01:30PM (#11322548)
      Trusted computing will make current spyware and worm problems a lot worse.

      As soon as a bug is found in a trusted computing architecture, which WILL happen, things will get a whole lot worse for the average user. Spyware will be created which your hardware refuses to allow you to remove, even with a boot disk or safe mode. Your computer will refuse allow you to install anti-virus and spyware cleaning tools. The spyware will install a certificate with high trust levels for spyware vendors.

      Even if no bug is found, companies like AOL have proven they're willing to sell out their customers by bundling adware with AIM without disclosure. This will likely create an initial hole which can be opened up much wider.

      Issues like this are killing Windows. I learned my lesson a few years ago that almost no shareware or freeware can be trusted. This makes Windows a lot less useful and is one of the many reasons why I usually run linux on my desktop.

      IMHO, trusted computing will only hurt Windows' usability by the average user.

      • Issues like this are killing Windows. I learned my lesson a few years ago that almost no shareware or freeware can be trusted. This makes Windows a lot less useful and is one of the many reasons why I usually run linux on my desktop.

        Check out the new cleansoftware site [cleansoftware.org] for free windows software that is free from spyware, adware etc. Not unsurprisingly, most of the software listed there is open source (making a future transition to a UNIX platform much easier). So at least while Windows is dying you can

    • Re:It's like sun on your wedding day? (Score:4, Insightful)

      by krgallagher ( 743575 ) on Tuesday January 11, 2005 @01:46PM (#11322795) Homepage
      Here is another quote:

      "In this case, they're using technology meant to secure content. It just shows that the more bells and whistles you add to the technology, the more you open doors for the bad guys,"

      To me this just proves that trusted computing is a bad deal. The more control you take away from the end user, the more control you give to the people who would hurt you.

    • Not quite ingenious but certainly not ironic.

      I'm getting so amazingly tired of Alanis Haters Anonymous getting on everyone's case for not understanding the word "irony," when in fact, ironically, they themselves do not understand it.

      Irony [reference.com] is an "incongruity between what might be expected and what actually occurs." When companies use anti-piracy "features" to install Spyware, it's ironic, because no one expects that DRM will be used to install Spyware.

      And, while we're at it, it's unexpected (and thus

    • Re:It's like sun on your wedding day? (Score:5, Insightful)

      by SpecBear ( 769433 ) on Tuesday January 11, 2005 @02:47PM (#11323586)
      It's not that it's being exploited by genius so much as it was implemented by arrogance. The very nature of DRM software is to conspire with a content provider to use Joe User's computer against him in a way that he cannot circumvent.

      Any DRM implementation is more likely to be exploitable in ways such as this. DRM is more likely to be insecure from the user's standpoint because it's designed from the ground up with somebody else's security as the highest priority. And once the software has been exploited, it has the potential to be highly troublesome because the malicious code now has access to a system that was designed to prevent the owner of the computer from tampering with it. The more effective the DRM is, the more dangerous it is to the user.

      Perhaps I'm being overly paranoid, but I find this to be quite alarming.

  • It's a bit like IE and activeX except.. (Score:5, Insightful)

    by Ckwop ( 707653 ) * on Tuesday January 11, 2005 @01:02PM (#11322143) Homepage
    this time.. we probably wont have the ability to turn it off.

    This will become the new ActiveX.. I can see it already..

    Simon.

    • Re:It's a bit like IE and activeX except.. (Score:4, Informative)

      by RpiMatty ( 834853 ) on Tuesday January 11, 2005 @01:13PM (#11322336)
      No, in this case WMP asked to go download and install the codec needed to play the video file.
      When the user clicks yes, then their system becomes infected.
      So if you don't trust the video source, or set WMP to not download codec you will be safe

      • Re:It's a bit like IE and activeX except.. (Score:4, Informative)

        by notasheep ( 220779 ) on Tuesday January 11, 2005 @01:35PM (#11322650)
        Actually, it has nothing to do with codecs. It has to do with acquiring a license to play a video file. And you can turn this off if you'd like in WMP. The problem is that most folks have it set to automatically acquire licenses by default.

      • No, in this case WMP asked to go download and install the codec needed to play the video file.

        Nothing to do with codecs. From TFA:

        When Windows Media Player encounters a file with certain "rights management" features enabled, it opens the web page specified by the file's creator. This page is intended to help a content providers promote its products -- perhaps other music by the same artist or label. However, the specified web page can show deceptive messages, including pop-ups that try to install softwar

        • Re:It's a bit like IE and activeX except.. (Score:4, Interesting)

          by Master of Transhuman ( 597628 ) on Tuesday January 11, 2005 @01:49PM (#11322851) Homepage
          "opens the web page specified by the file's creator. This page is intended to help a content providers promote its products"

          In other words adware!

          WMP IS ADWARE AND SPYWARE BY MS'S OWN DEFINITION AND DESIGN!

          How much more obvious does it get?

          One could argue for MS products opening their own Web page for some reason, but some other random company's Web page? I could see providing a URL maybe, but actually going to the site without your permission?

          Tell me again MS doesn't want to control your machine!

    • Re:It's a bit like IE and activeX except.. (Score:5, Informative)

      by dewke ( 44893 ) on Tuesday January 11, 2005 @01:17PM (#11322390)
      You can turn the "feature" off. The spyware is installed when the player claims it needs a license. The settings for this are on the privacy tab.
      • The problem is, that setting does not work! I have it turned off, but Zonealarm still gets hit whenever I play a WMV file that wants a license... there's a reason why I don't let IE or WMP access the Internet without explicit permission every time.
        • Well I don't use IE at all, unless there are pages that are specifically designed for it and will not render in firefox.

          I'd be willing to bet you get hit because media player goes looking for the license and then prompts you to install it. Not that I trust MS on that anyway.

  • No logic (Score:5, Insightful)

    by MarkRose ( 820682 ) on Tuesday January 11, 2005 @01:02PM (#11322153) Homepage
    One has to wonder why an application whose primary purpose it is to just display data is such a huge vector for infection. What was Microsoft thinking when they made it possible for movies to automatically open URL's and install stuff? Perhaps someone can explain the logic to me.

    • Re:No logic (Score:3, Insightful)

      by garcia ( 6573 ) *
      What was Microsoft thinking when they made it possible for movies to automatically open URL's and install stuff?

      To make it easier for users to watch movies. Codecs to watch movies are available all over the place but a generally dumb Windows user wouldn't have the faintest idea where to get that.

      Microsoft was attempting to make their media viewing a bit easier by telling them the codec wasn't installed (rather than displaying their famous acid-trip screen saver) and that WMP could attempt to install it

      • Re:No logic (Score:4, Insightful)

        by 99BottlesOfBeerInMyF ( 813746 ) on Tuesday January 11, 2005 @02:32PM (#11323400)

        Microsoft was attempting to make their media viewing a bit easier by telling them the codec wasn't installed (rather than displaying their famous acid-trip screen saver) and that WMP could attempt to install it for them.

        You are incorrect. This exploit has nothing to do with fetching codecs. It is a feature that will open a web page specified by the creator of the movie or song file, that is intended to allow the user to buy a license to use the media. Basically it is a "feature" whereby media player will see a movie, notice you don't have a DRM key for it, and open a web page so that you can buy said DRM key. Unfortunately, like usual MS was completely blinded by dollar signs and did not consider that arbitrary files could direct the user to any old web page, and since IE is full of holes, this makes it pitifully easy to use a media file as a trojan.

        I have not looked at this exploit more than superficially so I am unsure if the media player will always open the page in IE, or if setting Firefox as your default browser will save you. I also do not know with what privilege level IE connects, at a guess I would think it is as you with the lowest security setting for that page, but it could be your default, or connect as "root." Someone also mentioned that there is a setting to disable this, but it does not seem to work.

        It's partly the users' fault for

        ...expecting their computer to be reasonably secure by default, and not silently install programs from anyone who can lure you to a particular web page. Also for assuming that the computer equivalent of a stereo and VCR will not connect you to random places on the internet and randomly install programs. If Sony made it's consumer appliances like this, when you put a VCR tape in from your neighbor you would have to worry that it might make extra ads appear in the middle of your TV screen from that point on.

          • I have not looked at this exploit more than superficially so I am unsure if the media player will always open the page in IE, or if setting Firefox as your default browser will save you. I also do not know with what privilege level IE connects, at a guess I would think it is as you with the lowest security setting for that page, but it could be your default, or connect as "root." Someone also mentioned that there is a setting to disable this, but it does not seem to work.

          There was an article about this

    • Marketing. Think about it if everything you saw instantly connected you to the products page? not saying it is a good idea, but microsoft probably was thinking that they can use it to sell stuff. See something you like in a movie click and voila your at the website to buy it.

    • Re:No logic (Score:2, Interesting)

      by Smidge204 ( 605297 )
      Unfortunately, in order to display the data correctly you need to know how to read it, and that typically requires codecs and plugins... unless you want to recompile/redownload the program each and every time a new format for video/audio/features (subtitles, etc) comes out. (And sometimes it seems everyone and their grandmother has their own codec...)

      Is that a good enough explaination?

      As for what they were thinking, probably something along the lines of: "Our target user has little or no in-depth knowledg

    • Re:No logic (Score:4, Interesting)

      by nine-times ( 778537 ) <nine.times@gmail.com> on Tuesday January 11, 2005 @01:18PM (#11322411) Homepage
      Why do web pages need the ability to launch programs and install things? It's long been Microsoft's design philosophy to hook every one of their apps to the OS and to each other, and give each the ability to do as much as possible. The idea is that this makes productive computer use easier and more transparent.

      And it does. Unfortunately, it also makes malicious computer use easier and more transparent. Microsoft has ignored that aspect to their design philosophy, and it's become the source of many highly-publicized security issues.

    • Re:No logic (Score:5, Informative)

      by DavidD_CA ( 750156 ) on Tuesday January 11, 2005 @01:20PM (#11322436) Homepage
      If you RTFA, you'd understand that Windows Media Player attemps to connect to the Internet when a file is played that it doesn't have a valid license for.

      In theory, if you download an MP3 with DRM enabled, Windows Media Player will search your computer for the license. If it doesn't find it, it will go to the URL specified in the MP3. This is part of the DRM spec.

      "Hackers" are just taking advantage of this, creating fake MP3s/MOVs and making those URLs go to junk-infested sites.

      In WMP's defense, it *does* ask you first if you want to go out and hit the site for the DRM license. And once you get there, if you're running SP2 then security is no different than any other mailious website you may visit.

      SP2 should block the popups, and give you a much more informative warning if the site tries to push software onto your computer.

      • Re:No logic (Score:3, Informative)

        by mindriot ( 96208 )
        I guess the question is, why is it even possible that downloading a _DRM license_ (which to me is just a piece of data in a certain format) allows downloading and installing of malicious _executables_ at all?!?

        The only thing downloadable should be a valid DRM license. A simple data file basically. Why is it even possible to let it download executables?
        • Blame it on the pesky von Neumann.
        • Why is it even possible to let it download executables?

          Actualy I think that it runs as an executible to make the DRM work in the first place.

          What good would it do if you downloaded a file and the key and they worked anywhere they were both put?

          I think the DRM works by the requesting delivery of the DRM file to everyone (distribution unaltered) the the key is requested (license paid for). The file comes as an executible so it can scan the system so it can gather system specific information such as the h

  • Crackers like... (Score:5, Interesting)

    by NetNifty ( 796376 ) on Tuesday January 11, 2005 @01:03PM (#11322158) Homepage
    Crackers like the RIAA/MPAA contractor Overpeer [slashdot.org]?
  • Really, the article says Hackers. Crackers break software.

    I mean if you're going to rip the first line 'summary' from the article itself, why skimp on one word?

    • Re:Hackers, not Crackers. (Score:5, Insightful)

      by DrinkingIllini ( 842502 ) on Tuesday January 11, 2005 @01:07PM (#11322236)
      Because as /.ers we know the difference, and these are most certainly crackers, not hackers.
      • What do you mean "we," paleface? A "cracker" is either a thin salty wafer or slang for a bigoted white southerner. It's use to mean "malicious computer programmer" ranks up there with "virii" and "boxen" as Really Pointless Language Ticks Fourteen-Year-Olds Can't Grow Out Of Fast Enough.

        Still and all, I look to the positive: Slashdot's continuing replacement of the word "hacker" with "cracker" in otherwise verbatim news article headlines while simultaneously proudly flaunting its lack of any grammer or
        • Crazy crackers, first eminem... now this.

          Seriously, Slashdot needs to give up the nerd dictionary crusade. Hacker is a bad guy with a computer. Cracker is a white guy.

          You won't see people referring to bundle of kindling wood as a faggot anymore--languages evolve new meanings. If you tell someone you threw a faggot on the fire last weekend you'll end up in jail for a hate crime.
    • Wow, you must be Rip Van Winkle. That linguistic battle was lost ages ago. The survivors went on (as losers often do) to slaughter each other in an internecine battle over whether the term for software released under a liberal license should be called "free" or "open source".

      These days, most people who want to play it safe disavow the belief that anything can mean anything, although a few nostalgic old timers are trying to rally the old gang around the idea that DRM should stand for Digital Restrictions

  • What's with /. running months old news? (Score:5, Funny)

    by funkdid ( 780888 ) on Tuesday January 11, 2005 @01:03PM (#11322163)
    Ok I'll admit it. I did a search on Limewire for some "adult" type content. Every single movie I grabbed up tried to get me to install some piece of software in order to watch the movie. 1800fastsearch, etc. I was annoyed that the spyware companies had gotten their tentacles this deep in porn. Those bastards, is nothing sacred?
  • You people have it all WRONG, DRM was meant to Stand for Digital Rights Manipulation, it's actually a Microsoft feature.
  • Besides the obvious troubles of Windows, and of DRM, we now have the added issues of security? Well, at least I don't have to worry about it on my Linux desktop. Just on my Windows laptop. Really, I think that MS must try and leave these open so that they can sell subscriptions to their new AntiSpyware.

    • Re:You know my solution. (Score:5, Insightful)

      by jfengel ( 409917 ) on Tuesday January 11, 2005 @01:21PM (#11322443) Homepage Journal
      Thing is, this is one of those cases that hits Windows more because of the monoculture than directly due to the inherent security flaws or the DRM problem.

      In general "advanced" formats will require downloading software. The fact that the "advance" here is DRM is almost immaterial, except perhaps for the fact that some people believe they're downloading a license rather than software. But Windows asks explicitly if you want to download and install the software. You get a warning, you have to say, "Yeah, I want that piece of malware." The message may not be clear enough, and since there are cases where you do want it you're asking a naive user to make a fairly sophisticated security judgment, but it is there, and the malware can't bypass it. It doesn't need to.

      To my knowledge Linux doesn't have a good solution to that problem, either. If you need software to play that movie/music, it's up to you to verify that the software isn't malware. Linux users escape this problem largely because there aren't enough of them to make it worth the malware writer's effort (as well as the fact that Linux users tend to be better educated and would answer "Hell no!" to the question if asked).

      What's needed here is a security sandbox. Download the codec but don't give it permission to do anything except take stuff from one place in memory and dump it to another, or access a limited direct-to-video API. No network access, no disk access. I'm not aware of any particular Linux security sandbox.

      Microsoft does have its own, in its C#/CLR, though clearly that hasn't made it to the point of writing codecs yet. And it may not, since these are performance-intensive apps and virtual machines impose overhead. I've seen codecs written in Java, and they're tolerable but not what you'd choose.

      • Re:You know my solution. (Score:4, Insightful)

        by cgranade ( 702534 ) <cgranadeNO@SPAMgmail.com> on Tuesday January 11, 2005 @01:30PM (#11322543) Homepage Journal
        On the other hand, so much of this could be avoided by at least not tying DRM into the lowest levels of the OS. Same issue as I have with MSIE. Comprimise Firefox, and you've comprimised an application. Comprimise MSIE, and you've comprimised Windows itself. Furthermore, since all lusers have admin privliges by default, any damage done by even an application can be severe. Hence, my reommendations. First, move the DRM layer out of the OS. Second, don't allow an admin to run the DRM-encrusted software.
        • I'm not sure user-level controls are appropriate. The existence of a special more-privileged user to clean up your mistakes is nice, but it would be better to have finer control in the first place. If you were to download malware into your Linux app, it can do a whole bunch of damage even running as you: install itself in your .rc files, add a bunch of stuff to your path, spend out copious spam and copies of itself. IIRC it can even change your shell to itself. The only thing it can't do is prevent a se
          • Good point. From that perspective, let's write all codecs in Java, since the specs for the Java VM already support sandboxing. Furthermore, we could do a lot under Linux by `su'ing processes to lower privliges. The codecs are mainly seperated into independant shared objects already, so it should be fairly straightforward to make a daemon that listens on a local TCP port that takes in an encoded stream and spits out an unencoded one. This daemon could run as a local user w/o a login shell, and could load in
      • According to the article, users are asked if they want to download a license; they are not asked if they want to install an executable. In any event, the normal MS user simply is conditioned to just press "YES" to get rid of the popup that is standing in their way of listening to the DRM'd crap.

  • Solution (Score:3, Informative)

    by Anonymous Coward on Tuesday January 11, 2005 @01:05PM (#11322213)
    Use the excellent - and free - VLC media player [videolan.org]

  • Surprise surprise... (Score:5, Insightful)

    by tommertron ( 640180 ) * on Tuesday January 11, 2005 @01:06PM (#11322223) Homepage Journal
    Remember when media files used to be safe? When we only needed to worry about files with .exe and .zip and a few others containing viruses or malware? Even before the DRM stuff in Media Player, MS added the ability for video clips to launch web pages. Gee, great idea. Did they never think that people could have exploited that?

    Is it really worth sacrificing the safety of media files so that video players could launch web pages and other code? Another example of Microsoft trying to add usability, whlile sacrificing security. There's no way they couldn't have known about this security flaw.

    • Remember when media files used to be safe? When we only needed to worry about files with .exe and .zip and a few others containing viruses or malware?

      Presumably that was before you learned things.

      All data is safe, processing untrusted data is potentially dangerous, particularly if it is automatic.

      Email is just plain text but look how many buffer overflows various email clients have had just parsing it

      http://www.google.co.uk/search?q=email+parsing+bu f fer+overflow [google.co.uk]

      and is has nothing to do with OSS/CS
    • By default it tells you this is a security risk and should only be allowed for trusted sources. I've seen the technique used for a streaming audio station where it opens a page containing details about the programming for the day, current song, etc. in the main window of WMP. Obviously it would be a bad idea to allow every file to do this without prompting you, but some users are just too clueless to realize that.
    • Hey, some of remember when web pages were safe. I think it was around 1995...

  • This is why I use Linux.. (Score:4, Interesting)

    by Dana P'Simer ( 530866 ) * <dana DOT psimer AT dhptech DOT com> on Tuesday January 11, 2005 @01:07PM (#11322238) Journal
    very little danger of getting infected in this way. And we don't have any DRM mechanisms to get in our way.

    But really, Windows XP does provide a way to keep users from installing just any software, that is by having a seperate administrator user and do you surfing and P2P downloading using a "limited" user account.

    I went to visit some relatives a couple of weeks ago and I found 250 dialers, spyware and malware programs on thier computer using Spybot. It was unbelievable!

    • The issue is: if one does not run Windows with administrator privilieges, one cannot install a huge number of drivers and software, they cannot either use them.

      From printers to scanners and CDRom burning tools, there are loads of MS-related stuff that has never been tested -and which does _not_ work- on a properly configured Windows box.

      The solution? An improperly configurend Windows box, with full rights for the malware...

  • Someone's got to say it (Score:5, Insightful)

    by Bronz ( 429622 ) on Tuesday January 11, 2005 @01:07PM (#11322240)

    They aren't using Windows Media Player to install spyware. They are using WMP to get users to click on a link that takes them to a webpage where, presumably, the user's browser is compromised.

    Give the proliferation of spyware *without* this new fishing technique, I don't understand the significance of this. People find spyware all by themselves, they don't need any help.
    • They aren't using Windows Media Player to install spyware. They are using WMP to get users to click on a link that takes them to a webpage where, presumably, the user's browser is compromised.

      Actually, just playing content is enough to open any page, which, as we all know, could contain malware that exploits a security hole.

      This has been going on for ... what? One year? Two? It's really very old news.

      It's made me give up porn. Sigh. ;-)
  • so when Bill G was up hawking the MS 'plays for sure' market-speak, little did he suspect it was really infected for sure!
  • comprehensive Microsoft security effort is continuing to provide new opportunities to developers/commercial interests to offer system enhancements, needed pharmaceuticals and privacy adjustments. It's so much better then on FOS or OS X, where such efforts are impeded.

  • Not only hackers! (Score:5, Interesting)

    by EvilCowzGoMoo ( 781227 ) on Tuesday January 11, 2005 @01:09PM (#11322283) Journal
    Its not only hackers taking advantage of DRM vulnerabilities. This [virus.org] article at virus.org reports that the RIAA is also exploiting DRM!

    "The contractor Overpeer who works solely for the MPAA and RIAA to polute Peer-to-Peer networks with corrupt and useless files has moved to a new low by using a loop hole within Windows Media DRM to launch popup adds and infect users PCs with Spyware, Viruses and Adware.

    In what could be considered a quite blatent breach of computer crime laws the world over, Overpeer a company owned by Loudeye is making a lot of money seeding Peer-to-Peer networks with thousands of fake files. It's one of the entertainment industry's favourite, and most obnoxious, anti-p2p contractors.

    The loophole in the Windows Media DRM process allows companies to create media files and link them to adware. When you normally download a protected Windows Media file, you also receive a license that lets you play it. If however Windows Media Player cannot find a valid license on your PC, it checks in with a remote system running Microsoft's Windows Media DRM Server.

    You should rarely see that happen. Some files, however are set up to ask you for information before playing. They do this by displaying a URL in a dialog box labeled License Acquisition. Normally that dialog box is used to check for a user name or offer a chance to purchase the file that's being played. In a legitimate DRM-encrypted file the author may let you play it a few times, then bring up a window asking if you want to buy it.

    Since the license dialog box is in essense an Internet Explorer window, it will display whatever is on the page it points to, in the cases that have been seen of this these trojaned Windows Media files, they all point to servers that load up unwanted ads, including windows that attempt install adware onto your PC surreptitiously, including adding items to your browser's Favorites list, attempting to change your home page and installing viral adware such as the 180search Assistant. "

    Acording to the above article's date (December 31, 2004) Is it possible the RIAA inspired the hacker comunity?

  • Crackers? (Score:5, Funny)

    by deft ( 253558 ) on Tuesday January 11, 2005 @01:10PM (#11322286) Homepage
    Has anyone told Chris Rock that crackers are doing this?
    He'll be pissed.

  • Winamp TV had this problem too (Score:5, Interesting)

    by British ( 51765 ) <british1500@gmail.com> on Tuesday January 11, 2005 @01:11PM (#11322305) Homepage Journal
    On the Beta Winamp TV stations, adult site operators quickly figured how to launch URLs on video streams. Needless to say, the support forums showed you how to turn off this feature about a day after the discovery.

    Please, not every app in the known world needs to launch a freakin' web page, etc.

  • Please clear this up for me... (Score:3, Interesting)

    by go$$amer ( 218906 ) on Tuesday January 11, 2005 @01:13PM (#11322334)
    What is the difference between DRM and spyware?

    How could DRM work without inherently 'spying' on the user/victim?

  • WMP-out (Score:4)

    by Doc Ruby ( 173196 ) on Tuesday January 11, 2005 @01:15PM (#11322365) Homepage Journal
    If AOL would open the WinAmp source, after it was examined by a horde of cranky Slashdotters bent on porting it to Linux, it would be at least believed to be less buggy than WMP. It might whip WMP the way Firefox has whipped IE, Apache has whipped IIS, and all the other open source "utilities" are whipping unreliable MS software. Especially if the community could factor down only the essential WinAmp features, leaving the bloated full WinAmp available as #2, just like Mozilla.

    • won't work (Score:3, Interesting)

      by tetromino ( 807969 )
      If AOL would open the WinAmp source

      The problem is that Winamp (IIRC) uses DirectShow and standard Windows codecs for playing movies; WMP is also essentially a gui front-end for DirectShow. (It's just like Linux where you have xine-lib with its plugins, and all sorts of guis for it - xine-ui, kaffeine, totem etc). My guess is that the Windows Media DRM is implemented at the codec level or in the DirectShow pipeline, and not in the media player - otherwise, the DRM would be trivial to circumvent. The only
      • If WinAmp were open source, we could patch it to use something else instead of a buggy DirectShow. One of the first things I would change would be to factor practically every component into a pluggable architecture. Foobar...

    • Re:WMP-out (Score:3, Interesting)

      by Koyaanisqatsi ( 581196 )
      Why? You already have VLC [videolan.org], it's open source, multi-platform and plays a gazillion file formats
      • Because "taking over the Internet" requires a brand name, like WinAmp. Being pleased by the takeover requires quality, like Firefox.
      • Quoth the VLC site:

        It can play:

        * MPEG-1, MPEG-2 and MPEG-4 / DivX files from a hard disk, a CD-ROM drive, ...
        * DVDs, VCDs, and Audio CDs
        * from satellite card (DVB-S),
        * Several types of network stream : UDP Unicast, UDP Multicast (MPEG-TS), HTTP, RTP/RTSP, MMS, etc .
        * From acquisition or encoding cards (on GNU/Linux and Windows only)

        Notice that Windows Media is not listed. So if you want to play a Windows Media file (which is the only sort of format that allows the phishing attack described in

  • Better replacement for WMP (Score:5, Informative)

    by m50d ( 797211 ) on Tuesday January 11, 2005 @01:22PM (#11322451) Homepage Journal
    http://sourceforge.net/projects/guliverkli/ [sourceforge.net]

    Windows media player like it should be. Low resource usage, plays dvds and any file you have the codecs for installed, without any network access at all. (Unless you're playing a stream or course)

  • Simple rule of thumb (Score:5, Funny)

    by karnat10 ( 607738 ) on Tuesday January 11, 2005 @01:23PM (#11322466)
    This has kept my computer safe and my mind happy for the last twenty years. I don't plan to change it:

    Don't buy products from Microsoft!

    There is one exception: The Microsoft Optical Wheel Mouse is a great product. You can't fuck up a mouse, though.

    Wait, Apple's round one-button mouse.

    Now, that's a deal: Apple could learn from M$ how to design mice, while Steve explains to Bill what an Operating System is.

  • Glad to see DRM is protecting digital rights (Score:3, Interesting)

    by RLiegh ( 247921 ) * on Tuesday January 11, 2005 @01:23PM (#11322468) Homepage Journal
    When I first saw the story, I was afraid that hackers were somehow exploiting program flaws in media player that would give them unauthorised access, allowing them to install spyware.

    Instead, it turns out that DRM is simply doing it's job - protecting the digital rights on content providers by punishing those people who attempt to gain access to unathorised media.

    Here's my take, I'm pretty sure that I'll be safe wether I run linux or windows (I run both) since I am not ...wait for it... trying to leech other people's copyrighted material off of dodgy peer to peer networks!

    If you engage in pirating, you deserve the cannonball to your vessel; I, for one, feel no pity.

  • Hastening The Death Of The PC (Score:4, Interesting)

    by blueZhift ( 652272 ) on Tuesday January 11, 2005 @01:30PM (#11322550) Homepage Journal
    It occurs to me that this sort of thing is just going to hasten the death of the home PC as a media device. We've already seen the decline in the PC as a gaming platform relative to dedicated consoles in part due to ease of use issues. If I'm Jane user and just watching downloaded videos opens the door to hundreds of spyware apps and other nonsense, I'm going to stop using the PC for stuff like that if there's an easier to use alternative.

    The next generation gaming consoles may be ready to become the easy to use box in the living room that is easy to use and never gets infected by viruses or spyware. If this happens, home PC sales will plummet! Couple these boxes with HDTV and high quality sound systems and it's game over for the PC. Slashdotters may be able to cope with the nonsense, but most people are going to take the easy way out, especially if the price of admission is low. As for me, I'd love to see a really good web browser on Sony's PSP, then I could do my mindless surfing in the living room on a reasonably good display.

  • I guess that explains that (Score:4, Interesting)

    by AssFace ( 118098 ) <`moc.liamg' `ta' `77znets'> on Tuesday January 11, 2005 @01:30PM (#11322552) Homepage Journal
    I was in NYC on business at the end of last week. The owner of our company had me swing by his apartment while I was in town and he wanted me to setup a wireless network there - which I did.
    As part of the process I was tasked with fixing the 3 XP laptops that were "not working" or "too slow".

    Sure enough, I found that they all had spyware - but one had 52 viruses on it.

    The best part was that his wife (it was her laptop) said to me "oh that is odd because my IT person from work JUST scanned that two days ago - so I hardly think that I got 52 viruses in two days."

    I tried to be polite but essentially told her that she might want to look into getting a better IT person.

    One of the viruses that she had kept spawning instances of the media player and I couldn't figure out why... now I see why I guess.

    (technically some of the viruses were trojans/worms/spyware, so I guess I should just say "malware")

  • It could be much worse (Score:2, Funny)

    by Anonymous Coward
    Guys, it could be much worse. It's not like WMP is forcefully bundled into the world's most popular desktop OS or anything....

  • Am I missing something? (Score:3, Informative)

    by d_jedi ( 773213 ) on Tuesday January 11, 2005 @01:37PM (#11322681)
    It sounds like (after RTFA) all this does is direct a user to a website - supposedly to get a "license" to play the content.. and once on that website, spyware is downloaded.

    So.. isn't this just a new way to get people to visit spyware websites.. which exploit flaws in IE? Meaning, there is no new flaw in WMP here?

    As long as WMP uses your default browser to check for licenses (can someone confirm this?) I'm safe :-> (now, to download some more porn off eDonkey!)

  • This automatic downloading has got to stop (Score:5, Insightful)

    by Animats ( 122034 ) on Tuesday January 11, 2005 @01:41PM (#11322733) Homepage
    It's all Microsoft's fault. They put backdoor IE invocations in everything. And now we're paying the price.

    If you have to run Microsoft, one solution is to back off to Windows 2000. You run Windows 2000. Windows XP runs you. Many corporate installations refuse to go with XP for that reason.

    It's not just Microsoft, either. Remember that DRM-protected CD that changed the firmware on Apple CD drives so the machine would never work again? (And remember Apple refusing to fix it under warranty?)

  • I can always use Microsoft AntiSpyware [slashdot.org] to fix the problem! Right?

  • Someone need to explain this (Score:3, Informative)

    by alexislashdot ( 808899 ) on Tuesday January 11, 2005 @03:07PM (#11323841)
    It seems that 99% of slashdotters didn't understand the article. The article author also has no idea about the subject. Even the "research note" is not perfectly clear.

    This is not a security breach in Windows Media Player.

    Here is what happens. A wma/wmv DRM protected file needs a license to be played. When WMP plays a file that does not have a license it will open a dialog with a web browser control inside and navigate to the "license store url" that was written inside the file. This feature is called "superdistribution" and it is present in other DRM enabled players as well.

    That is all that Windows Media Player does. At most WMP can be acused of not displaying more information about why the dialog was opened. If even the slashdot crowd has problems understanding this, imagine the rest of the computer users.

    Once the IE opens the web page it is no different than going to that url yourself in IE.
    • This is not a security breach in Windows Media Player.
      Here is what happens. A wma/wmv DRM protected file needs a license to be played. When WMP plays a file that does not have a license it will open a dialog with a web browser control inside and navigate to the "license store url" that was written inside the file.

      A program that can be directed to navigate to a URL listed in some file without asking for user verification is "not a security breach"?

      What is a "security breach" in your world?

Slashdot Top Deals

E = MC ** 2 +- 3db

Close