Microsoft Corp. says it has no plans to change the way its Windows Media Player handles the download of DRM licenses.
Amid reports that malicious hackers are using the anti-piracy mechanism to infect computers with spyware, adware, dialers and computer viruses, Microsoft officials stressed that the latest attack scenario does not exploit a vulnerability in the software.
“Not every problem comes with an automatic technology solution. In this case, the priority is to educate users and get them to understand the importance of not downloading files from untrusted sources,” said Mike Coleman, lead product manager with Microsofts Windows division.
“If strangers are trying to entice you to open a file, chances are theyre setting you up for a bad experience. We need to continue our work on getting people to understand whats going on and get them to develop better download habits,” Coleman told eWEEK.com.
Security experts warn that crackers are rigging .wmv files to use the DRM (digital rights management) features of Windows Media Player to browse sites infested with malware.
The WMP software includes an option to “acquire licenses automatically for protected content.” When a user tries to play a DRM-protected file, the software triggers an Internet Explorer browser session and walks the user through the installation process.
Ben Edelman, a Harvard University student who tracks the spyware scourge, has published a demonstration of the exploits and warned that users with older versions of Windows will receive “confusing and misleading messages” regarding the DRM licenses.
After attempting to download the DRM license, Edelman said his test computer became infected with 58 folders, 786 files and a whopping 11,915 registry entries. “Not one of these programs had showed me any license agreement, nor had I consented to their installation on my computer,” he said.
Tom Liston, a researcher who tracks malicious Internet activity for the SANS Internet Storm Center, said the attack scenario puts users at risk even if they use an alternative browser. “Youre only as safe as the version of IE installed on your system.”
Panda Software said the rigged video files are being distributed on peer-to-peer networks to dump two Trojans—Trj/WmvDownloader.A and Trj/WmvDownloader.B—on PCs.
Microsofts Coleman said the company takes all security risks seriously and urged Windows users to take advantage of the protections built into Windows XP Service Pack 2.
“Computers with SP2 would block those pop-ups and block the installation of ActiveX controls. So, in addition to increasing risk awareness and promoting best practices, we have built protections into SP2.”
Coleman also recommended the use of Microsofts new anti-spyware software, which is capable of detecting and deleting unwanted programs.