Broadband Tech > Security > Security > Adware Installed through WMA Files

Adware Installed through WMA Files

said by PC World:

---

* Change windows Media Player setting to give you more warning. Select Tool, Options, Privacy and turn off 'Acquire licenses automatically for protected content'. A dialog box then will warn you each time a protected file attempts to get a license, and it will display the URL from which the file intends to request the license. If you have any doubts about the site, choose 'No.' Changing this setting in Windows Media Player will affect any other players you use that support Microsoft's DRM scheme.

---

Thanks for the info. I just turned off the "Acquire licenses automatically for protected content".

reply to eburger68
This could be a nightmare if this loophole becomes widely exploited. Even users who know better than to click on links or "yes" on dialog boxes might not think twice about clicking to view a WMA file. Another avenue of education to put forth. Thanks again, Eric for some valuable information.
--
"Think for yourself and let others enjoy the privilege of doing so too." - Voltaire

reply to eburger68
Wow!

Excellent article edburger68... good find!

I rarely play WMA's but, it is worth looking into the WMP settings and turning off "acquire licences automatically for protected content".

Scary man..

reply to eburger68
Thanks for this disturbing information, Eric.

The newest version, Windows Media Player 10, does *not* make it easy to locate the options for the player. It took me a while to find the location. With the player open, click the "now playing" tab, then click the small button below. You won't see options yet - you have to mouseover Plug-ins, then move over to the options tab. There you can essentially neuter the darn thing. It will also attempt to hijack your file associations. After installing this new version, I was temped to uninstall it, go to oldversion.com and download an older, less annoying version.

Edit to correct grammar.
--
aka Suzi, Spyware Warrior

I had no problem finding that option and there are other ways to access it.

reply to eburger68
Yet another reason why DRM = evil. How long before malware writers exploit this vulnerability?

reply to Portmonkey

In Media Player 9, turn on the menu bar if it's off (by clicking the double arrow near the top of the screen). Then click Tools, Options. Go to Privacy tab. Turn off "acquire licenses automatically" here. Heck, uncheck everything on this page while you're there.
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages.

Re: WMA -- Base install

reply to kpatz

Re: Adware Installed through WMA Files

reply to suzi
I've been tempted to upgrade to WMP10, but after reading
this, I'll pass on it. Thanks a lot, Microsoft. If there's
one annoyance I can't stand (other than spyware/adware),
its applications hijacking file associations. It sounds as
if Microsoft is getting as bad in this area as Real
Networks.

As for the booby-trapped WMA files, how long before legal
downloan (yes, the files should be called that, because
you are in effect only renting them) services start
pulling this crap?
--
"Kayura or Badamon, whichever you are, you should know that I will never give up this battle. By the will of the Ancient, I shall succeed!" - Shuten (Anubis) from the Ronin Warriors.

Use these music players instead.
Windows Media Player + QuickTime Player + RealPlayer may add too many unnecessary features, add a lot of things to your system, and make them bulky, and so on...

Or if you hate intalling a lot of media player just for the sake of opening their related file associations...

Use the much lighter ones all-in-one media player (for free! :P):
The music player (light and simple), it can replace Windows Media Player:
»www.free-codecs.com/download/Med···ssic.htm

To replace QuickTime, add this plug-in:
»www.free-codecs.com/download/Qui···tive.htm

To replace RealPlayer, add this plug-in:
»www.free-codecs.com/download/Rea···tive.htm

Note: You may experience some minor problems when opening some of RealPayer or QuickTime files. If it was the case, close and re-open the music player and open the files should work again.

reply to eburger68
At last my paranoia paid off. DRM in off in both IE and in my GP settings.
--
Lord, aint it a shame...in all this comfort...can't take the strain...

reply to eburger68
LOL..Windows Media Player doesn't even get internet access on my laptop.:D

reply to Wai_Wai

Same thing happening here (WinXP Pro SP2 with all updates).

reply to eburger68
Great info.
Another method to "safely" open these files is with Irfanview.
It'll open just about anything, with the associated plugins.
»www.irfanview.com/
Free.
--
~Help find a cure for cancer~Proud Member Team Discovery

reply to eburger68
I can confirm PC World's story. I was recently sent one of these files.

The way it works as far as I can tell is that protectedmedia.com runs clients on the FastTrack network (Kazaa/Grokster/iMesh) offering what look like porn movies. Actually in the examples I've seen they *are* porn movies, but they're generic, not matching what the various filenames it is offered under might imply. It is likely they are also doing this with audio files too, but I haven't found any searches that will bring them up.

The files are rights-protected WMV. The licence-acquiring features in Windows Media Player involve opening up a window with some sort of licensing agreement; this is obtained by fetching the page from the URL embedded in the file, and then displaying it in an IE-engine subwindow. The trick is simply that the pages in this case contain a number of ActiveX drive-by downloaders, with wording that implies that you have to accept the downloads for the licence-acquisition process to work (in reality, the video plays anyway even if you say no). I don't know if this works on XP SP2... I suspect it does, because I believe the new yellow info bar thingy only applies to IE itself, not WMP.

These install a load of usual-suspects parasites that I'm going through at the moment, including ILookup/HotSearchBar and iSearch (Eric: who are also behind the rogue anti-spyware SpywareAvenger, you might want to note).

I just wonder how long this has been going on. As spyware researchers we've got used to tracking down web-based installers and software bundling, but porn on the P2P networks is something we've not been keeping an eye on until now.

In the meantime, I can only recommend Media Player Classic (which is a whole lot nicer than WMP even without the security considerations), and advise avoiding Windows Media files where possible.

Andrew:

Thanks for confirming the substance of this story. Would it be possible to a copy of the WMA file you have? If so, please email me at eburger68@myrealbox.com.

Best,

Eric L. Howes