wmv files could be trojans

Posted:
in Mac Software edited January 2014
Microsoft does it again :



http://www.boingboing.net/2004/12/30...es_malici.html



According to PCWorld and TechDirt, Windows DRM contains a flaw that allows for attackers to create music files that contain trojans that attack your computer when you play them, and moreover, the music industry has hired a company called Overpeer which is flooding the P2P networks with infected fake music files.



Overpeer is the same company that the recording industry has hired in the past to dump fake versions of songs on file sharing networks. What the article doesn't answer is whether or not the industry hired Overpeer to dump spyware on the network as well, but it's likely they're pleased either way. Overpeer defends their actions by saying that anyone obviously deserves what they get because, obviously, they were looking for unauthorized files. It's not clear that everyone would agree. Sneaking malicious files onto someone's computer because "they deserved it!" doesn't seem like a very good justification. What may be even more important to this story, however, is the revelation of just how easy it is, thanks to a huge loophole in Microsoft's copy protection technology, to include a malicious file with an audio or video file. Basically, because Windows DRM needs to look for a license, all anyone needs to do is point that license to a website that loads malicious content and off you go.



Thank you Microsoft, for creating a huge loophole that will probably make sure millions of new computers are loaded with spamming, DDOSing trojans shortly.
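
For anyone who wants to check a file before opening it, here is an added example (not part of the original post or the linked articles) that reads the header of a WMA/WMV (ASF) file and lists the license URL a DRM-aware player would contact. It assumes the Content Encryption Object layout from the public ASF specification and does not cover the Extended Content Encryption Object; the function names and the sample URL are constructed for illustration.

```python
import struct
import uuid

# ASF object GUIDs from the public ASF specification (stored little-endian on disk).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E").bytes_le


def license_urls(data: bytes) -> list:
    """Return license URLs found in Content Encryption objects of an ASF header."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return []                       # not ASF (WMA/WMV) data
    header_size = struct.unpack_from("<Q", data, 16)[0]
    end = min(header_size, len(data))
    pos, urls = 30, []                  # 16 GUID + 8 size + 4 count + 2 reserved
    while pos + 24 <= end:
        guid = data[pos:pos + 16]
        size = struct.unpack_from("<Q", data, pos + 16)[0]
        if size < 24 or pos + size > end:
            break                       # malformed object: stop rather than guess
        if guid == CONTENT_ENCRYPTION:
            url = _fourth_field(data[pos + 24:pos + size])
            if url is not None:
                urls.append(url)
        pos += size
    return urls


def _fourth_field(body: bytes):
    """Fields are length-prefixed: secret data, protection type, key ID, license URL."""
    off, field = 0, b""
    for _ in range(4):
        if off + 4 > len(body):
            return None
        n = struct.unpack_from("<I", body, off)[0]
        off += 4
        if off + n > len(body):
            return None
        field = body[off:off + n]
        off += n
    return field.rstrip(b"\x00").decode("ascii", "replace")


def constructed_sample() -> bytes:
    """Constructed header-only sample; the URL is a placeholder, not a real server."""
    fields = [b"\x00" * 4, b"DRM\x00", b"KEYID\x00", b"http://license.example.invalid/get\x00"]
    body = b"".join(struct.pack("<I", len(f)) + f for f in fields)
    obj = CONTENT_ENCRYPTION + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(obj), 1, 1, 2) + obj
```

An empty result means no license URL was found in the header objects this parser understands; a non-empty one tells you which host the file would send the player to.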

Comments

  • Reply 1 of 8
    mr. me Posts: 3,219 member
    Quote:

    Originally posted by macanoid?

    Microsoft does it again :



    http://www.boingboing.net/2004/12/30...es_malici.html



    According to PCWorld and TechDirt, Windows DRM contains a flaw that allows for attackers to create music files that contain trojans that attack your computer when you play them, and moreover, the music industry has hired a company called Overpeer which is flooding the P2P networks with infected fake music files.



    Overpeer is the same company that the recording industry has hired in the past to dump fake versions of songs on file sharing networks. What the article doesn't answer is whether or not the industry hired Overpeer to dump spyware on the network as well, but it's likely they're pleased either way. Overpeer defends their actions by saying that anyone obviously deserves what they get because, obviously, they were looking for unauthorized files. It's not clear that everyone would agree. Sneaking malicious files onto someone's computer because "they deserved it!" doesn't seem like a very good justification. What may be even more important to this story, however, is the revelation of just how easy it is, thanks to a huge loophole in Microsoft's copy protection technology, to include a malicious file with an audio or video file. Basically, because Windows DRM needs to look for a license, all anyone needs to do is point that license to a website that loads malicious content and off you go.



    Thank you Microsoft, for creating a huge loophole that will probably make sure millions of new computers are loaded with spamming, DDOSing trojans shortly.




    Not to brag on myself or anything, but I saw it weeks ago. Read my post from December 28, three days ago.
  • Reply 2 of 8
    I thought this was in addition to what you already posted, which I did read of course. The exploits don't seem entirely the same, if they are, sorry!
  • Reply 3 of 8
    wmf Posts: 1,164 member
    I don't think this applies to OS X. Does Windows Media Player for Mac even support DRM?
  • Reply 4 of 8
    Nope, it is indeed a Windows-only problem, but since some of you here use Windows as well or have friends that use it, I thought that might be useful info! Plus, scaring the public into not using wmv is a good thing.
  • Reply 5 of 8
    mr. me Posts: 3,219 member
    Quote:

    Originally posted by macanoid?

    I thought this was in addition to what you already posted, which I did read of course. The exploits don't seem entirely the same, if they are, sorry!



    I was writing about a vulnerability that I thought was introduced by Windows Media 10. Windows Media Player 10 is Windows-only. Microsoft always gives Windows users the best vulnerabilities first. It was while using Windows XP SP2 that I realized how easy it is to exploit the DRM scheme in Windows Media Player 10.



    Strictly speaking, the BoingBoing.net reference deals with server redirection whereas mine dealt with the possibility of direct download of trojans. I don't see these two concerns as mutually exclusive. What is important is that the Windows Media 10 DRM scheme is available to everybody. Its design and implementation literally scream: "Exploit me!" Another thing: Although the BoingBoing.net post does not explicitly single out WMP 10, it was published several weeks after WMP 10 was released in the wild.



    This has implications for Apple's FairPlay DRM management. We hear a lot of weeping and wailing and gnashing of teeth about Apple's refusal to license FairPlay to third parties and Apple's refusal to allow other DRM schemes to work with iTunes. Until now, I supported Apple's decision in deference to its business judgment. Now I see Apple's decision as essential to maintaining the security of iTunes and iPod users, particularly those who run Windows.



    I do not believe that the WMP 10 DRM scheme will pose a threat to MacOS X if it is ever ported to the Mac. For that to happen, it would have to breach the inherent strong security of MacOS X.
  • Reply 6 of 8
    aquatic Posts: 5,602 member
    That is an interesting point concerning FairPlay and security, that I hadn't thought of! I'm sure there is a solution though.



    Anyhow this made me laugh hardcore: "Microsoft always gives Windows users the best vulnerabilities first."



    Sweet. Is that why on a lot of the porn I download it says "You are not authorized to watch this content" or somesuch in the Windoze Media Player? MPlayer and VLC just hiccup and nothing happens.
  • Reply 7 of 8
    Quote:

    Originally posted by Aquatic

    Sweet. Is that why on a lot of the porn I download it says "You are not authorized to watch this content" or somesuch in the Windoze Media Player? MPlayer and VLC just hiccup and nothing happens.



    Yes. Windows Media Player for the Mac doesn't support the current DRM. That is good. The fact that you are watching a video doesn't have to be registered with a central server. You are better off with the cops not knowing that you are watching kiddie porn, err...
  • Reply 8 of 8
    mr. me Posts: 3,219 member
    Quote:

    Originally posted by Aquatic

    ....



    Sweet. Is that why on a lot of the porn I download it says "You are not authorized to watch this content" or somesuch in the Windoze Media Player? MPlayer and VLC just hiccup and nothing happens.




    If you are using WMP 9, then the answer is "Yes." You are trying to view a WM 10 video. If you have a Windows XP machine handy, you ought to download WMP 10 and then try to view that same video. You will be taken to a license server where WMP 10 will download a license. Examine each step of the process in terms of its security implications. Clean your pants.