Spyware Hiding in Online Media Files

The Internet Patrol default featured image
Share the knowledge


As if online downloaders don’t have enough to worry about (rightly or wrongly), now they have to worry about spyware being buried within the media files they download.

I don’t think this is what Marshall McLuhan had in mind.

According to a report in InformationWeek, hackers are taking advantage of certain “features” of the Windows Digital Rights Management (DRM) scheme to load all sorts of spyware, adware, viruses and other nasty things onto an unsuspecting user’s computer.

When a user downloads a digital media file, the Windows DRM program looks for a license for the media on the user’s computer. If the license is not present, the program starts searching on the Internet for a license; once found the license is downloaded and presented to the user for purchase.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 

However, the trojaned media files don’t actually download the license, although they claim to be doing just that. Instead they go to a site or sites of the hacker’s choosing and download all the Internet nasties onto the user’s machine.

Yuck.

Sounds as if DRM will soon stand for “Download Risky Media”.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

3 thoughts on “Spyware Hiding in Online Media Files

  1. How amusing! So if I’m not a music or movie thief, I still have to worry about going to some place like “Stupid Videos” and having my computer infected just because I watched a home movie of some person’s cat falling in a mud puddle. From the “JPEG of Death” to the “DRM of Insanity”. Enjoy!

    No longer apologize for Microsoft for they are lame.

    By the way, this exploit was discovered and implemented by a company hired by the RIAA to poison the P2P network. Yet another reason why “full disclosure” of exploits must not be suppressed. It’s not just the criminals we have to worry about, but corrupt corporations and governments as well. The exploits don’t go away just because the end user doesn’t know about them, they just get repurposed as adware, spyware and espionage vectors.

    If you can’t demand they be fixed then you suffer their existance and continued exploitation by these types.

Leave a Reply

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.