Free Republic
Browse · Search
News/Activism
Topics · Post Article


Windows Media Player Vulnerability Info (MUST READ!!!)
Spyware Warrior Blog | 12/31/04 | Eric L. Howes

Posted on 12/31/2004 3:14:06 AM PST by goldstategop

Hi All:

PC World has a pair of articles about a potentially dangerous new development on the spyware/adware front: WMA (Windows Media) files being used to install adware and spyware. See:

Risk Your PC’s Health for a Song? http://www.pcworld.com/news/article/0,aid,119016,00.asp

Protect Yourself From Audio Adware http://www.pcworld.com/news/article/0,aid,119063,00.asp

In short, the well-known copyright management/protection firm Overpeer has figured out how to install adware through Windows Media files. The technique exploits features of the Windows Media DRM functionality to launch special Internet Explorer windows that display popup ads and that also attempt to download and install adware/spyware. This happens when the user opens the Windows Media file for playing.

Some might be tempted to dismiss this new method for distributing adware and spyware as a risk only for those using P2P networks. That snap judgement would be a mistaken and misguided one, though. The P2P file sharing angle on this story is a red herring.

The problem here involves the DRM features of Windows Media, and those features create a new and potentially very effective means for adware vendors to push unwanted software on unsuspecting users who have no interest whatsoever in using P2P networks to trade unauthorized music files.

I should caution readers that the PC World article, while detailed, is still short on specifics and that we still need more information. That said, users should be advised to take the usual steps to protect themselves against adware and spyware. At a minimum that involves:

* locking down Internet Explorer (esp. ActiveX controls, Java applets, and scripting);
* installing spyware prevention utilities such as SpywareBlaster and SpywareGuard;
* installing at least two reputable anti-spyware scanners and keeping them updated;
* keeping your system updated through Windows Update.

In addition to the above, PC World recommends tweaking the settings for Windows Media Player:

said by PC World:

* Change Windows Media Player setting to give you more warning. Select Tool, Options, Privacy and turn off ‘Acquire licenses automatically for protected content’. A dialog box then will warn you each time a protected file attempts to get a license, and it will display the URL from which the file intends to request the license. If you have any doubts about the site, choose ‘No.’ Changing this setting in Windows Media Player will affect any other players you use that support Microsoft’s DRM scheme.

Also, it appears that merely switching your default browser to something other than Internet Explorer will not be sufficient to eliminate the threat, as Windows Media Player uses the Internet Explorer engine to open browser windows that function as dialog boxes. Even if you’re not actively using Internet Explorer, you should lock it down to prevent its being exploited by rogue WMA files.

If and when more information becomes available, I’ll post it to this thread.

Best,

Eric L. Howes

To supplement the advice from PC World, you might want to take the following measures:

* locking down Internet Explorer (esp. ActiveX controls, Java applets, and scripting): either lock down the Internet zone (https://netfiles.uiuc.edu/ehowes/www/btw/ie/ie-opts.htm), use Enough is Enough (https://netfiles.uiuc.edu/ehowes/www/resource6.htm), or use IE-SPYAD (https://netfiles.uiuc.edu/ehowes/www/resource.htm).
* installing spyware prevention utilities such as SpywareBlaster and SpywareGuard: http://www.javacoolsoftware.com/spywareblaster.html and http://www.javacoolsoftware.com/spywareguard.html
* installing at least two reputable anti-spyware scanners and keeping them updated: http://spywarewarrior.com/asw-features.htm#rec
* keeping your system updated through Windows Update: http://windowsupdate.microsoft.com/

See screenshot below for privacy settings in Windows Media Player 9

For Windows Media Player 10, see these screenshots.

If you have questions about adware, spyware or Windows security, you can post in the Spyware Warrior forums. Please do not post help requests in the blog comments.

Thank you.


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: ericlhowes; exploit; getamac; internetexploiter; lowqualitycrap; microsoft; patch; privacy; scumware; securityflaw; spyware; trojan; virus; vulnerability; windows; windowsmediaplayer; worm
To: Nightshift

poing


41 posted on 12/31/2004 8:29:14 AM PST by tutstar ( <{{--->< http://ripe4change.4-all.org Violations of Florida Statutes ongoing!)

To: goldstategop

Thanks!!!!!!!!!


42 posted on 12/31/2004 8:30:00 AM PST by countrydummy (#RIGHTALK.. http://www.rightalk.com)

Comment #43 Removed by Moderator

To: raybbr
free/inexpensive firewall for W2000

I also recommend Zone Alarm. The free version (note: they will try to convince you to buy the 'pro' version, but for dial-up I think that's overkill...) is available here (click the red "free download" button):

Zone Labs

44 posted on 12/31/2004 9:02:37 AM PST by NoCmpromiz (The only thing the French do well is wine and cheese, both of which are made better in California.)

To: F16Fighter
I want to thank you for the links and tips... I just finally was able to locate and destroy an executable file that was so "hidden," that all my anti-spyware couldn't find it. UNTIL NOW.

I'm glad you found it helpful- the people who write and propagate that garbage should be publicly horsewhipped.

45 posted on 12/31/2004 9:20:36 AM PST by backhoe (-30-)

To: ShadowAce

Ping


46 posted on 12/31/2004 9:27:32 AM PST by Still Thinking (Disregard the law of unintended consequences at your own risk.)

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

Ongoing Windows security vulnerability ping!


47 posted on 12/31/2004 9:32:45 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: raybbr

Zone Alarm or Sygate Personal Firewall. I use SPF as it gives you, the user, more control over what computer ports and/or programs you want to allow or block, that option is only in the paid version of Zone Alarm, but it's available in the freebie version as well as the paid version of SPF.


48 posted on 12/31/2004 9:56:31 AM PST by BigSkyFreeper

To: goldstategop

ping


49 posted on 12/31/2004 9:58:25 AM PST by isom35

To: KoRn
I'm at a loss to why anyone would use Microsoft's software.

I'm at a loss as to why anyone would have the Winamp Browser open.

50 posted on 12/31/2004 9:58:49 AM PST by BigSkyFreeper

To: BigSkyFreeper

That isn't my screenshot. I pulled it off of google :-)


51 posted on 12/31/2004 10:20:37 AM PST by KoRn

To: KoRn

My query stands. :)


52 posted on 12/31/2004 10:21:41 AM PST by BigSkyFreeper

To: BigSkyFreeper

I've never used the browser part of Winamp myself. I always close it after installation, and have never opened it back up.

What does it do, and what's bad about it? lol


53 posted on 12/31/2004 10:24:39 AM PST by KoRn

To: KoRn

Basically it's a way for advertisers to annoy you with ads, or to get more info on artists and music. I also closed it when I installed Winamp and it's never been opened since. It's a pain in the a$$ on dialup.


54 posted on 12/31/2004 10:42:03 AM PST by BigSkyFreeper

To: BigSkyFreeper

Moral: install the paid versions to avoid bundled spyware. If you REALLY need Kazaa or Grokster, pay for it. Or expect that free will come with an unpleasant hidden price tag attached to it.


55 posted on 12/31/2004 10:46:36 AM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)

To: goldstategop
If you REALLY need Kazaa or Grokster, pay for it.

If you think you're not getting spyware by paying for Kazaa or Grokster, you're not reading the fine print.

56 posted on 12/31/2004 10:59:19 AM PST by BigSkyFreeper

To: F16Fighter

Throw some details on here,.....someone else may have the same problem.....there is some very nasty stuff out there.


57 posted on 12/31/2004 12:12:01 PM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)

To: Ernest_at_the_Beach
"Throw some details on here,.....someone else may have the same problem.....there is some very nasty stuff out there."

The exe file: yutnfqcx had embedded itself despite my running the latest versions of ad-aware SE, spybot, AVG anti-virus, and Zone Alarm. I couldn't find it, I KNEW it was running (ctrl-alt-del), but it wouldn't show up when I tried to extract it by 'finding file'...That was UNTIL I found it buried in 'Hidden Files' -- as per the directives at backhoe's post #27.

I simply deleted it, and PRESTO! No more pop-up adware all over the place.

58 posted on 12/31/2004 12:58:10 PM PST by F16Fighter

To: F16Fighter

Okay. I looked at backhoe's #27; where did you read the thing about hidden files?


59 posted on 12/31/2004 1:00:40 PM PST by Howlin

To: Howlin
Where did you read the thing about hidden files?

Just under 'Help for viruses and malware:' is 'How To Show Hidden Files'.

If you KNOW an exe program is running that shouldn't be there, (ctrl-alt-del), and you can't find it anywhere, then it's probably hidden...

60 posted on 12/31/2004 1:06:57 PM PST by F16Fighter



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
