Hackers are using the newest DRM technology in Microsofts Windows Media Player to install spyware, adware, dialers and computer viruses on unsuspecting PC users.
Security researchers have detected the appearance of two new Trojans, Trj/WmvDownloader.A and Trj/WmvDownloader.B, in video files circulating on P2P (peer-to-peer) networks.
According to Panda Software, both Trojans take advantage of the new Windows anti-piracy technology to trick users into downloading spyware and adware applications.
“When a user tries to play a protected Windows media file, this technology demands a valid license. If the license is not stored on the computer, the application will look for it on the Internet, so that the user can acquire it directly or buy it,” Panda Software explained.
An unsuspecting user attempting to download the DRM (digital rights management) license will instead be redirected to a Web site that loads a large quantity of adware, spyware, modem dialers and other viruses, the company said in an advisory.
“Its pretty ingenious,” said Patrick Hinojasa, chief technical officer at Panda Software. “To take an anti-piracy feature and use it to feed spyware is extremely ironic.”
Hinojasa told eWEEK.com that the use of Windows Media files as a spyware vehicle is another sign that virus writers and companies supporting spyware are looking for new entry points to infect computers.
“In this case, theyre using technology meant to secure content. It just shows that the more bells and whistles you add to the technology, the more you open doors for the bad guys,” he said.
Even though these Trojans have been detected in video files on P2P networks such as Kazaa or eMule, Hinojasa warned that these files can be distributed via e-mail, FTP or other Internet download avenues.
Ben Edelman, a Harvard University student who tracks and comments on the spyware scourge, also spotted the spyware-laden media files. In a research note, Edelman posted a demonstration of the exploits and warned that users with older versions of Windows will receive “confusing and misleading messages” regarding the DRM licenses.
After attempting to download the DRM, Edelman said: “On a fresh test computer, I pressed Yes once to allow the installation. My computer quickly became contaminated with the most spyware programs I have ever received in a single sitting.”
“All told, the infection added 58 folders, 786 files and an incredible 11,915 registry entries to my test computer. Not one of these programs had showed me any license agreement, nor had I consented to their installation on my computer,” he added.