Trojan Exploits Windows DRM

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Anti-Virus and security vendor Panda Labs is reporting the discovery of a threat that takes advantage of Windows Digital Rights Management (DRM) .

According to the company's warning, one of two Trojans, Trj/WmvDownloader.A or Trj/WmvDownloader.B, could be placed inside of Windows Media format (.wmv) video files by malicious users. It executes when the user opens the files with the latest Windows Media Player 10 update, which is part of Windows XP SP2.

Windows Media player 10 includes Windows Media Digital Rights Management (DRM), which calls for a valid DRM license to play the infected video file. The media player then looks for the license on the Internet (since there isn't a local copy of the license with the video file).

Instead of acquiring the required license, the infected .wmv files are downloaded from at least 13 reported varieties of malware (including spyware, dialers and viruses variants), which then infect the user's PC.

Panda Labs said it detected Trojans in files with "extremely variable names," though they all seem to be "protected" by the same DRM license.

"The video files infected by these Trojans have a .wmv extension and are protected by licenses, supposedly issued by the companies overpeer (for Trj/WmvDownloader.A), or protectedmedia (for Trj/WmvDownloader.B)," the Panda Labs advisory states.

The infected video files are being spread via P2P networks. However, Panda Labs cautioned that they could also be distributed via other means, such as e-mail attachments and normal Internet downloads, and urged users to update their anti-virus software to include the latest definitions.

Jupiter Research analyst Todd Chanko said the risk only exists when people download files without knowing where they originated, such as from an anonymous music or video file offered on a P2P network.

If consumers are illegally downloading stuff, they don't really know whether they're getting authentic files or malicious files, he said.

"There is no risk if the files are from legitimate sources, such as Rhapsody or iTunes or Cinemanow or Movielink. In those instances, the DRM works as it is supposed to, to protect and monetize digitized intellectual property," he said.

Chanko also said he didn't see the threat posed by the Trojans as an attack on Windows DRM itself. "It is, in fact, the vehicle enabling the delivery of the malware to an unsuspecting user's PC," Chanko explained.

"My initial thoughts are that it will have no impact on DRM adoption, because DRM is not adopted by consumers but by content owners to protect their intellectual property," Chanko told internetnews.com.

A Microsoft spokeswoman was not immediately available for comment.

A July 2004 Jupiter Research report forecast that the DRM market would be worth $274 million by 2008. This represents a 661 percent growth rate over 2003. (Jupiter Research and this Web site share the same parent company.)

The report, which also surveyed opinions on DRM usage and adoption, also noted that the need for DRM solutions is being driven by threats to sensitive information.

Submit a Comment

Loading Comments...