Feeds

Trojans exploit Windows DRM loophole

Dirty tricks

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Virus writers have subverted digital rights management features in Windows Media Player to spread Trojans and other malware. License-protected movie (.wmv) files infected with the WmvDownloader-A or WmvDownloader-B Trojans have entered circulation on P2P networks, reports Madrid-based antivirus firm Panda Software.

Normally when a user tries to play a protected Windows media file, and a valid license is not stored on a computer, the application will look for it on the internet, so that the user buy access to copyright-protected content. This new technology is incorporated in the latest Windows Media Player 10 update as well as XP SP2.

If the user runs a video file that is infected by one of the "DRM Trojans", they pretend to download the corresponding license from the net. In reality users are redirected to sites that take advantage of Windows vulnerabilities to download spyware, adware, premium-rate diallers and other viruses onto victim's machines.

The Trojans have been detected in video files with extremely variable names circulating across P2P networks such as KaZaA or eMule. File traders beware.

The video files infected by these Trojans have a .wmv extension and are protected by licenses, supposedly issued by the companies overpeer (in the case of WmvDownloader-A) or protected media (for WmvDownloader-B), Panda reports. Overpeer was previously hired by the recording industry to dump fake versions of songs on file sharing networks. Later it lobed pop-ups and adware at users. Loudeye - overpeer's parent company - told PC World last December that P2P users are getting what they deserve.

Whether overpeer has begun using more aggressive tactics is unclear, the evidence against it is circumstantial and it could be other parties have used its name as a convenient smokescreen. ®

Related stories

Firm gives P2P networks adware infection
Fizzer stealth worm spreads via KaZaA
P2P virus fakes nude Zeta Jones pics

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.