Phony Advisory Attacks RIAA

 
 
By Dennis Fisher  |  Posted 2003-01-14
 
 
 
A hoax message posted to two security mailing lists Monday suggests that the Recording Industry Association of America has hired a group of hackers who have developed a worm capable of infecting and shutting down peer-to-peer file-sharing software. The hackers claim to have released the worm, on the RIAAs orders, and that it now controls almost 95 percent of "all P2P participating hosts."

The RIAA said the message was a total fabrication.

"Its a complete hoax," said an RIAA spokesman in Washington. "Someone forwarded the message to us and that was the first we heard or read about it."

Although the existence of the worm and the RIAAs involvement are clearly a hoax, there is a working exploit for a vulnerability in the Mpg123 media player attached to the message. Several sources verified that the code does in fact exploit a buffer overrun in the player.

The outlandish claims are part of a "security advisory" supposedly written by a group called Gobbles Security. The group is known for publishing humorous advisories on serious software vulnerabilities, many of which are posted with exploit code.

The message says the RIAA hired Gobbles "to invent, create, and finally deploy the future of antipiracy tools. We focused on creating virii/worm hybrids to infect and spread over P2P nets."

The RIAA, which represents all of the major recording companies in the United States, is fighting a pitched battle against illegal copying and sharing of music files. It has pushed for tougher laws in this area and has been very vocal in its views. This stance has led to numerous successful attacks against the RIAAs Web site in recent weeks.

The "advisory" publication comes on the same day that the RIAA announced a deal with the Business Software Alliance and the Computer Systems Policy Project under which the RIAA will argue against putting locking controls on future digital media players. Some government officials have pushed for such a requirement as a way to prevent consumers from sharing music and video files.

The message goes on to say that Gobbles identified vulnerabilities in most of the major media players in use on the Internet, and then created a worm that exploits these flaws. The alleged program delivers an infected file to users of file-sharing software, whose machines are then infected once they play the file. Then, as other users download files from the infected machine, their PCs also become infected.

The fictitious worm also takes an inventory of all of the file-sharing software and media files on the infected machines and sends the list back to the RIAA, which plans to use it in future prosecutions, according to the Gobbles "advisory."

Rocket Fuel