Back in mid 2002, Overpeer (which is owned by Loudeye) began flooding file sharing networks with fake songs by either containing a piece of the original track continuously looping or an antipiracy voice message in an aim to make finding legitimate music more difficult. However recently it has begun exploiting a vulnerability in Microsoft's DRM to deliver advertisements and even attempt to install adware and spyware to those who end up attempting to play the recent fake songs. The fake files appear just like legitimate audio files until the user attempts to play them.
When a legitimate DRM protected WMA or WMV file is played, the player attempts to automatically find a valid license, first locally and then by contacting an appropriate Windows Media license server. If a license cannot be obtained the media file can then bring up a dialogue box pointing to a URL with information on how to purchase the track (such as attempting to play an expired track) or get further details before providing a playback license. However as any URL can be any specified by the media file, Overpeer uses it to point to a webpage that brings up a series of pop-up advertisements including some with ActiveX controls and other content that attempts to install adware or spyware.
According to PC-World, Microsoft was not too impressed with Overpeer's actions and will check to insure that they are keeping within the Windows Media DRM licensing terms, for example ensure that a media file titled one thing does not deliver something else. GristyMcFisty used our news submit to send in the following news:
|
When we ran the files, we noted over half a dozen pop-ups, some attempts to download adware onto our test PC, and an attempt to hijack our browser's home page. However, you can take steps to guard your PC against this ad invasion. Off-Key Experience A reader initially alerted PC World to an ad-laden Windows Media Audio file, titled "Alicia Keys Fallin' Songs In A Minor 4.wma." We then found two other WMA files and two Windows Media Video files that had been similarly modified. Using a packet analysis tool called Etherpeek, we determined that each media file loaded a page served by a company called Overpeer (owned by Loudeye). That page set off a chain of events that led to the creation of several Internet Explorer windows, each containing a different ad or adware. Read the full story here. |
As Windows media files are mainly affected by this issue, probably the best option to avoid getting hit is to avoid WMA and WMV files except as a last resort when the content cannot be found using another codec. Besides MP3 encoded tracks, music encoded in M4A is becoming widely available on file sharing networks due to the popularity of iTunes which encodes music in M4A by default. M4A is MPEG4 audio and generally offers superior sound quality to WMA and MP3.
If downloading Windows Media content is the only option such as for a portable audio player that only supports WMA, then turn off the option 'Acquire licenses automatically for protected content" in Windows Media Player (Tools -> Options -> 'Privacy' tab). In this case, a pop-up will ask should a license be acquired. Should this box appear, only allow it if the content was downloaded from a trusted source. Another option is to install a pop-up blocker. Note that installing or setting up another browser as the default browser does not solve this issue since Windows Media player automatically uses Internet Explorer.
From what I can see, DRM (at least in Windows Media) may end up earning the advertisers more revenue than what the music industry gains by using this technique. For Microsoft this will likely give its codecs bad reputation.
Source: PCWorld - Pop-up Ads
