Adware Installed through WMA Files

Discussion in 'Security and Privacy' started by charlesvar, 2005/01/02.

Thread Status:
Not open for further replies.
  1. 2005/01/02
    charlesvar

    charlesvar Inactive Alumni Thread Starter

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
  2. 2005/01/02
    BenMcDonald[MS]

    BenMcDonald[MS] Inactive

    Joined:
    2004/12/14
    Messages:
    228
    Likes Received:
    0
    Hmm. I'm all for raising awareness, but I'm gonna call Shenanigans on this link. The point of contention is that you can embed rich media inside of wmv, or misuse DRM to trick users into visiting a web page.

    This is no more or less risky than just going to the web page yourself. If your IE is properly configured to prevent bad things, then you are open to no additional risk. It's not like my well secured XPSP2 machine is going to catch a nasty from watching some random video that I was not otherwise vulnerable to.
     

  4. 2005/01/02
    charlesvar

    charlesvar Inactive Alumni Thread Starter

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Ben,

    but I'm gonna call Shenanigans on this link

    Fair enough, Howes may be wrong, but I wouldn't take what he says lightly. We'll all know soon enough whether this is a Chimera or real.

    Another issue, what percentage of XP users have a well secured XPSP2 machine?

    Happy New Year,

    Charles
     
  5. 2005/01/02
    purplemtn

    purplemtn Inactive

    Joined:
    2002/01/07
    Messages:
    74
    Likes Received:
    0
    More Info on this?

    FYI
    RIAA/MPAA Contractor Deploys Malicious Adware Trojans....
    Now, they’re using files that look like regular songs or short videos in the Windows Media format to launch pop-up ads and install adware, says PC World.
    See below link for More info....

    http://p2pnet.net/story/3421


    What is a well secured XPSP2 machine in your opinion? ...
     
    Last edited: 2005/01/02
  6. 2005/01/02
    BenMcDonald[MS]

    BenMcDonald[MS] Inactive

    Joined:
    2004/12/14
    Messages:
    228
    Likes Received:
    0
    XPSP2 defaults are as locked down as you can get without irritating or confusing inexperienced users. Lots of testing was done around this. There is a lot of room for improving the defaults, but not without expense of breaking things people expect to work. The big vector is people running/installing garbage they shouldn't.

    The real trick is in educating people not to trust sites they shouldn't trust, and installing things that they shouldn't install. My wife is not very computer savvy. She is running xpsp2, all defaults, windows firewall (and behind a 99$ firewall/nat thing). I run spybot and adaware on there about once a month to spot check the machine, but nothing shows up. She is well educated not to install anything from the internet, and to say 'no' if anything prompts her. I note that before sp2, the only delta was that I had tweaked the internet zone to prevent activex, crosszone, driveby downloads etc.

    I don't think web 'security' is rocket science in this post-sp2 era. The PEBCAK* factor will defeat the best security every time. It's a tough thing to deal with. Legitimate business wants improved functionality and features, but those features are dangerous when used for evil.
    * PErson Between Chair And Keyboard


    Back on Topic:
    Making videos/music launch web browsers isn't new. The only twist now is that it's coming from DRM, not the stream itself. Note this is dated 2003:

    http://www.microsoft.com/windows/windowsmedia/howto/articles/introwmmeta.aspx#ad_insertion__lemo
    Code:
    <EVENT NAME="TimeOut" WHENDONE="RESUME">
       <ENTRY CLIENTSKIP="NO">
          <REF HREF="http://Server/Content/Advert.asf" />
       </ENTRY>
    </EVENT>

    DRM:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmrm10/htm/packagingmediafiles.asp

    license acquisition URL
    The URL that points to the first Web page that appears in the license acquisition process. A license acquisition URL is included in each packaged Windows Media file; when a consumer tries to play a Windows Media file that is not licensed, the player opens the license acquisition URL to acquire a license.
     
  7. 2005/01/02
    RayH

    RayH Inactive

    Joined:
    2002/01/10
    Messages:
    740
    Likes Received:
    0
    Stick to downloading mp3s!
     
  8. 2005/01/02
    charlesvar

    charlesvar Inactive Alumni Thread Starter

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    From Ed Bott's site:
    http://www.edbott.com/weblog/archives/000340.html
     
  9. 2005/01/02
    BenMcDonald[MS]

    BenMcDonald[MS] Inactive

    Joined:
    2004/12/14
    Messages:
    228
    Likes Received:
    0
    Great followup link. He's got good screen captures in there of the nonsense they are doing. This is the usual trick for fooling unsuspecting users. It's really a shame that what is a pretty sexy feature for DRM is being abused so grossly. :(

    Goes to show that you do NOT say yes without reading where it's coming from. I am glad to see SP2 working as expected, giving the user good warning what's going on!
     
  10. 2005/01/02
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Ben: well put!
    I think MS addressed many of the most important security issues with SP2, and "idiot proofed" XP remarkably well. I also think it's a shame MS felt they were obligated to have to do this, because of the huge numbers of computer ignorant users, and the proliferation of malicious nasties on the internet.

    I am interested in how the acquisition of Giant plays out. I don't believe it is MS's job to have to police the internet, but they certainly are trying to be proactive with the problems. MS could have chosen to make the public pay them for help to cure the security problems the public brought on themselves, and instead, they took the high road. Gotta respect that.

    Johanna
     
  11. 2005/01/04
    charlesvar

    charlesvar Inactive Alumni Thread Starter

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Last edited: 2005/01/04
  12. 2005/01/17
    charlesvar

    charlesvar Inactive Alumni Thread Starter

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
  13. 2005/01/18
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    There are settings in WMP Options/Privacy & Media Library sections re using the internet to auto update media files with missing information. If a license is missing, then WMP will connect to some server and acquire the license. If these options are unchecked, then WMP cannot download missing licenses.

    How does this fit in to this discussion about the stated vulnerabilities?
     
  14. 2005/01/18
    charlesvar

    charlesvar Inactive Alumni Thread Starter

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Tony,

    How does this fit in to this discussion about the stated vulnerabilities?

    What's the default setting?

    Regards - Charles
     