Is The Recording Industry Hiding Spyware In Windows Media Files?
from the so-many-questions... dept
Here’s a story that raises many more questions than it answers. When the recording industry first tried to get politicians to shut down file sharing networks, they went with the “it’s stealing music” line, which generated some interest, but most people didn’t seem to pay attention. Then, the industry suddenly became oh-so-concerned about the fact that child porn was on these systems, and tried to convince politicians they needed to stop file sharing for the “sake of the children.” Lately, it seems the industry will do whatever it takes to make file sharing systems look bad. With that in mind, it makes you wonder if they’d go so far as to specifically hide spyware on file sharing networks just to upset users.
It’s not entirely clear if that’s what happened, but it seems like the most obvious explanation for the following story, which was found on Broadband Reports. Overpeer, a subsidiary of Loudeye, has been caught hiding adware and spyware within Windows Media files. Overpeer is the same company that the recording industry has hired in the past to dump fake versions of songs on file sharing networks. What the article doesn’t answer is whether or not the industry hired Overpeer to dump spyware on the network as well, but it’s likely they’re pleased either way. Overpeer defends their actions by saying that everyone deserves what they get because, obviously, they were looking for unauthorized files. It’s not clear that everyone would agree. Sneaking malicious files onto someone’s computer because “they deserved it!” doesn’t seem like a very good justification.
What may be even more important to this story, however, is the revelation of just how easy it is, thanks to a huge loophole in Microsoft’s copy protection technology, to include a malicious file with an audio or video file. Basically, because Windows DRM needs to look for a license, all anyone needs to do is point that license to a website that loads malicious content and off you go.
Thank you Microsoft, for creating a huge loophole that will probably make sure millions of new computers are loaded with spamming, DDOSing trojans shortly. Thank goodness for that Microsoft DRM, huh? Not only does it not protect any actual property while making things more expensive, it opens up plenty more people to malicious attacks.
Comments on “Is The Recording Industry Hiding Spyware In Windows Media Files?”
"They deserved it?!"
Seems to me that the hypothetical perp who hypothetically broke into my house and got hit by the wall of flame cast forth from my hypothetical booby-trap flamethrower got what he deserved, too, but somehow that’s illegal.
And what they’re doing isn’t?
Go figure.
RIAA, MPAA, you’re getting what you deserve.
the black hats...
need to create disruptive code that exploits the DRM open-door, effectively making Microsoft patch it as a vulnerability, and keeping them on their toes in terms of the next DRM bright idea, which can also be hacked, much to the detriment of the user.
what about the Dutch?
Seems to me there’s another astronomically big problem with this system: e.g. in the Netherlands it’s actually legal to download music from p2p networks (although it’s illegal to offer it). Thus, a hapless Dutch consumer downloading one of these infected files is actually not doing anything wrong. Can the music industry explain why he “deserves it”?
If I were Dutch, I’d be looking for one of these files, download it, get my PC infected, and then demand a 10.000 dollar settlement from these bozos who infected my PC while I was doing no wrong (claiming, of course, to be ignorant of the integrated virus). Might be a fun game if, say, a thousand Dutchmen follow suit. 🙂
good God
If the description of the exploit provided by the PC World reporter is correct, Microsoft should be ashamed. That was not a security bug, that shows a complete lack of security auditing on the design of Windows Media Player before shipping it… on every desktop PC, because Microsoft’s executives and marketers had earlier decided that WMP had to be a core part of the OS, as one of their typical anti-competitive “screw Real, screw Apple” moves.