Trojans Slip Spyware Through Windows Media Player

It probably had to happen sooner or later, but an anti-piracy feature in Windows Media Player has now been exploited for feeding spyware, malware, malicious dialers, and even viruses into unsuspecting computers. Security company PandaLabs says they’re coming through a pair of Trojan horse programs that infect some .wmv digital video files and are believed to be passing through peer-to-peer networks as well as by other means.

The Trojans are known as Trj/WmvDownloader.A and Trj/WmvDownloader.B. They infect .wmv files and exploit Windows Digital Media Rights Management, which is aimed at protecting the intellectual property rights of multimedia content, PandaLabs said January 11.

“When a user tries to play a protected Windows media file, this technology demands a valid license,” Panda said announcing the discovery of the Trojans. “If the license is not stored on the computer, the application will look for it on the Internet, so that the user can acquire it directly or buy it. This new technology is incorporated through the Windows XP Service Pack 2 Windows Media Player 10 update.”

The infected video files purport to be licensed by Overpeer (for the A variant) and ProtectedMedia (for the B variant), the company continued, and when played they pretend to download the appropriate license from certain Web pages. What the files actually do, Panda said, is redirect you to other Net addresses where they download adware, spyware, dialers that ramp you into higher-rate toll numbers, and other bugs.

“It’s pretty ingenious,” Panda chief technical officer Patrick Hinojosa told reporters. “To take an anti-piracy feature and use it to feed spyware is extremely ironic.”

The programs the files download at those redirected pages, Panda said, include Adware/Funweb, Adware/MydailyHoroscope, Adware/MyWay, Adware/MyWebSearch, Adware/Nsupdate, Adware/PowerScan, Adware/Twain-Tech, Dialer Generic, Dialer.NO, Spyware.AdClicker, Spyware/BetterInet, Spyware/ISTbar, and Trj/Downloader.GK.

“Even though these Trojans have been detected in video files with extremely variable names which can be downloaded through P2P networks like KaZaA or eMule, bear in mind that they can also be distributed through other means, such as files attached to email messages, FTP or Internet downloads, floppy disks, CD-ROM, etc.,” the Panda announcement said.

Panda has already written and made available updates to its own anti-malware applications.