Firms Surprised
PC World contacted Microsoft and the seven ad-serving companies whose ads popped up when we ran the Keys audio file. "We're looking into exactly what's going on with this file and checking to see if this particular model is in keeping with the licensing terms for Windows Media [Digital Rights Management]," says David Caulton, group product manager for Microsoft's Windows Digital Media Division. "We wouldn't want to endorse anything that involved delivery of content that appears to be one thing, and then something else is delivered."
Only one of the advertising firms, Kanoodle, responded in time for our article. "Kanoodle stringently vets all prospective partners to determine in advance how they will distribute our sponsored links," wrote Lance Podell, the company's president. "As in this case, upon detecting or discovering any prohibited distribution activity, we eliminate it immediately." Indeed, Kanoodle's ads no longer appear when we launch the file.
DRM Loophole
A loophole in the Windows Media DRM process allows companies to create ersatz media files and link them to adware. Normally, when you download a protected Windows Media file, you also receive a license that lets you play it. According to Caulton, if Windows Media Player can't find a valid license on your PC, it checks in with a remote system running Microsoft's Windows Media DRM Server.
You'll rarely see that happen. Some files, though, are set up to ask you for information before playing. They sometimes do this by displaying a Web page offering you a chance to buy the file you're playing or inviting you to sign up for a mailing list to get the content free. At least, that's the way it's supposed to work.
But since the license dialog box acts just like an Internet Explorer window, it can display whatever is on the page it points to--whether a legitimate call for license information or a series of pop-up ads.
When we played the modified files, the License Acquisition dialog box showed a page containing ads and quickly spawned more IE windows, each containing a different ad.
Not only did we get bombarded with unwanted ads, but one of the ad windows in a video file tried to install adware onto our test PC surreptitiously, while another added items to our browser Favorites and attempted to change our home page. And a window from the original music file asked to download a file called "lyrics.zip," which contained the installer for 180search Assistant, commonly categorized as an adware program.
The media files appeared to run once the ads loaded, but they were devoid of video or music.
First Wave?
The ads in Overpeer's disguised media files may annoy some users. But malicious agents such as hackers and thieves could exploit the DRM loophole to do far worse. For example, criminals could load modified media files with keystroke loggers or other software for taking over your PC.
The difficult part of invading someone's PC is enticing a user to click a link or file to be infected, says Johannes B. Ullrich, the chief technical officer for the SANS Institute's Internet Storm Center, a security group. Hacked media files could give criminals the perfect bait with which to lure unsuspecting users.
Senior Reporter Tom Spring contributed to this report.