dslreports logo
 story category
Spyware Hidden in WMA Files
Overpeer finds new way to make a profit
PCWorld takes a look at how companies are now disguising spyware and popups as Windows Media music files on p2p networks. Using a packet analysis tool, they discovered the files were coming from a company named Overpeer (owned by Loudeye) - the same company that is employed by the MPAA to insert junk files into p2p networks to frustrate users. PCWorld advises users on how to avoid the files, and additional discussion can be found in our Security forum.
view:
topics flat nest 

Pepin9
join:2003-01-05
New Port Richey, FL

1 edit

Pepin9

Member

Call me Old Fashoined

But I just Borrow the CD's and DVD's that I want... and then rip what I want... no P2P here...
SN1FFER
join:2004-12-30
Centreville, VA

SN1FFER

Member

Thank you MP3 PRo

WANT MORE MUSIC... WE ALL KNOW MP3PRO... JUST GO AHEAD AND GET IT...IT'S SMALLER FORMAT THAN WMA PLUS IF ALL YOU WANT IS MUSIC THERE YOU GO... CONVERT YOUR FILES TO MP3PRO.
Goldengamego
Premium Member
join:2004-02-22
Okemos, MI

Goldengamego

Premium Member

Re: Thank you MP3 PRo


technick
Premium Member
join:2000-12-16
Wheat Ridge, CO

technick

Premium Member

Heres one!

Don't download windows media audio! Its that simple, in all my years of downloading music, even back from 1995, ive seen tons of formats come, and go. Mp3 still hangs around, and there's a reason. Its good!

pointpleasant
@sprint-hsd.net

pointpleasant

Anon

Re: Heres one!

can you send me the mp3 of "Everyone Else Has Had More Sex Than Me"? I can't find it anywhere! thank you sooooooo much!

oliphant
I Have 8 Boobies
Premium Member
join:2004-11-26
Corona, CA

oliphant

Premium Member

Which is why to avoid...

the windows media formats, whether audio or video. It's the same crap with video by exploiting/using the windows music/video licensing feature to deliver popups.

technick
Premium Member
join:2000-12-16
Wheat Ridge, CO

technick

Premium Member

Re: Which is why to avoid...

I have a buddy that downloads tons of pr0n off of usenet, and some of the videos he downloads has the popup crap in the media license management. The popup's consume the whole screen, the only way to close is Alt+F4, and sometimes killing iexplorer.exe.
steven s
Premium Member
join:2002-09-14
Dearborn, MI

steven s

Premium Member

Haaa

One more reason not to use MS formats.
ParanoiaInc
join:2002-08-28
Tucker, GA

ParanoiaInc

Member

Re: Haaa

Uh, how about one more reason to stop stealing music on P2P networks. The article said nothing about legitimate music sold in WMA as being compromised, but rather music d/l off of P2P networks.

And if you are dumb enough to download copyrighted material you didn't pay for off of P2P networks you deserve to get what is coming to you.
steven s
Premium Member
join:2002-09-14
Dearborn, MI

steven s

Premium Member

Re: Haaa

Sorry, I prefer not to pay to thefts known as the RIAA and MPAA.

qoa
@sothfd01.mi.comcast.

qoa to ParanoiaInc

Anon

to ParanoiaInc
Because you have never downloaded an mp3 that you haven't payed for have you? I highly doubt that Mr. Highandmighty.
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

Kearnstd to steven s

Premium Member

to steven s
real concern will be when this makes it to purchased music, they will sell whole CDs for download in WMA for super cheap and then bam you play it and get bombarded by ads if you dont play it in a portable.
ParanoiaInc
join:2002-08-28
Tucker, GA

ParanoiaInc

Member

But my music player doesn't support popups!

So, how many people are using portable music players with music they own (whether purchased online or ripped from music they own in disk-form) that has a problem? If I read the article correctly, its only music being d/l from P2P networks. And unless your portable music player supports popups (mine doesn't, or at least not that I know of), its a moot effort on their part.
Underplay
join:2003-10-19
Tacoma, WA

Underplay

Member

Filthy

The MPAA is just as bad as the piraters...same with the RIAA, there all greedy bastards along with the musicians. They can all goto hell because SHARING on the internet is going to last forever.

Derch
Premium Member
join:2004-10-16
Hanahan, SC

Derch

Premium Member

Spybot or Adaware?

I didn't see any mention of anti-spyware programs. I wonder how they would recognize the threat.

Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY

1 edit

Transmaster

Member

Oh My...

Why am I not surprised it is a windows product that gets nailed with this exploit. I do not like WMA because of the way it does track tags. Ogg, and Ape ate my favorites.
electric_dsl
join:2004-07-20
Pickering, ON

electric_dsl

Member

Re: Oh My...

It isn't an exploit.

Its misuse of a known feature.
steven s
Premium Member
join:2002-09-14
Dearborn, MI

steven s

Premium Member

Re: Oh My...

That's MS for you. Create useless features, forget useful features.
electric_dsl
join:2004-07-20
Pickering, ON

electric_dsl

Member

Re: Oh My...

Useless to who? Maybe to you but I am sure there are lots of people that use the features in Windows that you might think are useless and visa versa.

If you don't like them remove or disable it. Simple.

Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY

1 edit

Transmaster to electric_dsl

Member

to electric_dsl
said by electric_dsl:

It isn't an exploit.

Its misuse of a known feature.
And there is a difference from the end user's point of view?
electric_dsl
join:2004-07-20
Pickering, ON

electric_dsl

Member

Re: Oh My...

Of course.

One can be easily and totally prevented by using menus etc.

The other requires patchs and more advanced to fix.

M_is_l33t
@comcast.net

M_is_l33t

Anon

LOL

M$ Windoze Media Files are a joke! I'm surprized that it stuck around for this long.

The Micro$oft fanboys keeps insisting on them.

pike
Premium Member
join:2001-02-01
Washington, DC

1 edit

pike

Premium Member

Who?

Who downloads any other format besides MP3 anyway? duh.

Regardless, if you use a properly secured browser (yes even IE can be configured properly if you take the time) this would never be a problem. And always run WMP in the Restricted Zone.

-Mike
tparker1
join:2004-09-29
Winston Salem, NC

tparker1

Member

Re: Who?

Why do people download MP3's? I think they are falling into a big trap and the trap is Inferior Quality anyone that has heard a good recording will tell you that anything short of RedBook Laser Standard is not worth listening to Redbook is 320 kbp/s some of the Mp3's are 128,192 which to me sounds terrible.it is a good thing that a lot of people are getting them for free because they aren't worth paying for.I buy the CD's I like and put them on my I-Pod without degrading the quality only penalty is I can't get as many songs on it.I would rather listen to one album at full audio bandwidth than have 1000 watered down songs.It wasn't long ago that DAT Players were put to rest over not having the quality of a CD.They are geting people used to downloading Music at Inferior Quality and eventually people will have to buy it from the likes of I-tunes,Napster so they make more profit from their Music they don't have to open a store so the Overhead is a lot lower.I just hope that there are still some of us that want Quality over Quanity that was the way Music was Intended to listen to.DVD Audio has almost Perfect sound with 24 Bit 192Khz hopefully people buy into it.I came from old School where we were always buying new Equipment trying to get that Perfect Sound from our Systems and when i read now they are closing sites that have Mp3's that most are only 128 Kbp's they are doing people a favor by closing them besides Joe Sixpack and any Audio Lover if they started a few Years ago have enough music to last a Lifetime.Someone will come up with a way to share Songs and Movies when Bittorrent and E-mule and Company are taken down just give them time.I-Tunes,Napster songs are Proprioritory to their Player where CD's will play in anything I am not falling into that trap where i have to use someone else's Player forever i don't care that the songs are .99 cents each and Albums are 9.99.

RDins
@attbi.com

RDins

Anon

Re: Who?

The thing is, wma formats are very good. Smaller then mp3 but very good quality. I still prefer mp3 though since its a standard format that doesn't have crap built into it like that. Even when I purchase music, if they don't have mp3 (or an option to convert to it) then I won't purchase.
dbcalo
join:2002-06-05
Chico, CA

dbcalo

Member

Re: Who?

said by RDins:

The thing is, wma formats are very good. Smaller then mp3 but very good quality. I still prefer mp3 though since its a standard format that doesn't have crap built into it like that. Even when I purchase music, if they don't have mp3 (or an option to convert to it) then I won't purchase.
I hate wma. I'll choose Ogg Vorbis over wma or mp3 any day. Ogg Vorbis beats wma, and mp3, in both quality and size. I will also choose a good lossless file(flac, ape) over any lossy file(wma, mp3, ogg, aac, etc.). You can convert a lossless file into what ever format you want, plus lossless files have the best quality you can get -- provided the were ripped properly.

Whatever12
@anonymizer.com

Whatever12 to tparker1

Anon

to tparker1
I agree with your point although your stats are wrong. First off, Redbook is good, but many people will say that it's not impressive. Like you stated, DVD-A is what the music industry should be heading for. MP3 and all these other formats are a big step backwards. Redbook quality isn't 320kb/s. Using kb/s isn't the best way to compare Redbook with compressed audio cause they are very different, but if you want to make the comparison Redbook is 1200kb/s. Lastly, DAT Players were put to rest not do to poor quality but to (mainly Sony's) lack of direction with the format. The quality of DAT met or exceeded CD depending on your equipment. In fact it wasn't uncommon for things to be recorded on to DAT and later transferred to CD to sell.

el scorcho
Cupid Stunt
join:2000-12-01
Brooklyn, NY

el scorcho to tparker1

Member

to tparker1
well, while we're at it let's also make sure that everyone who's listening to music is doing so from the the highest quality speakers, headsets and listening devices within sealed rooms with no outside noise whatsoever.

you're right, compressed, lossy music is not redbook standard and not entirely perfect. many people, however, have a hard time discerning between properly encoded 192 kbps and higher MP3 files and CD audio, and other encoding formats such as AAC and Ogg are even more efficient in their compression.

and unless you're dropping the CDs you purchased as pure uncompressed or lossless audio files you're still introducing artifacts into your audio, regardless if you purchased it or are using pre-compressed audio. in fact, the AAC encoder included in iTunes is noticably inferior to other AAC encoders (such as Nero of all things), and in listening tests some have called it inferior even to LAME-encoded MP3s.
sago5
join:2001-12-19

sago5

Member

actually

Actually, as the speeds and capabilities of embedded processors increase, devices like CD players and DVD players and so on might very well reach the point where they can decode a lossless format like FLAC. Rio Karma already works with FLAC files, and there are some others that do. The thing is, FLAC not only compresses CD-quality audio, it can losslessly compress 24-bit audio, even 32-bit audio, which I don't believe exists yet.

The FLAC files are typically 50-60% the size of the original file, and absolutely no sound quality is lost whatsoever. So as far as being able to store the music and save on storage space, at least you can chop it down by a little less than half. Personally, what I thought would be really cool was if someone made a portable walkman-type device that you could feed DVD blanks to, DVD blanks containing FLAC files, or perhaps other files as well - mp3 files, etc... That would just be so cool. Haven't seen one anywhere.

As far as the original article - a popup window that has a link to the place where you can buy that song - that exploits the vulnerability, so it's not a sustainable business practice; also, what if the url was spoofed and it wasn't a place to purchase the song at all? These multiple popups are just unacceptable, they are going way too far on that one. Looks like wma is just not a safe format unless you know you are getting it from a trusted source.

MagicDev
They Mostly Come Out At Night, Mostly
Premium Member
join:2001-01-08
Oakley, CA

MagicDev to tparker1

Premium Member

to tparker1
A MP3 file is a file that contains audio data. MP3 stands for Mpeg Audio Layer 3 and is a part of the Mpeg standards. Mp3s can be anything: sound, music, speech and so on. They are created using a Mpeg audio compression utility from .wav files. The level of compression can be controlled but for CD quality, the general compression ratio over .wav is 12:1. For every 12 bytes in the wav file, the utility matches that with only a single byte in MP3 format. This means that with a short download time you can receive large amounts of audio data. The compression works by removing sounds your ear probably would never be able to detect due to the way our ears detect and decode sound.
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

Kearnstd to pike

Premium Member

to pike
CDs and MP3s sound equal on my Altec speakers and 4yr old soundblaster. infact pretty much all audio formats sound the same, even when burned to CD and played in my truck. course the car has a 7yr old CD player and 10yr old GM stock speakers. point being is i bet most people are like me and dont have huge high end sound rigs which is also why DVD-Audio and SACD are not going to take off in the home market unless they can offer more then "better sound quality". id guess with DVD-Audio they will have to add stuff like the music videos for that album on top of the normal music tracks for it to ever have a chance to take on CD.

pcscdma
hi
Premium Member
join:2004-01-14
Winterset, IA
ARRIS SB8200
Nest H2D

pcscdma

Premium Member

Re: Who?

said by Kearnstd:

id guess with DVD-Audio they will have to add stuff like the music videos for that album on top of the normal music tracks for it to ever have a chance to take on CD.
They already sort of do that. There is a normal DVD-Video folder on most DVD-A discs that work even if you don't have a DVD-Audio player. They also have this as a link to the videos in the DVD-Audio menu if you have a device that can play both. The audio format for that section is required to use either compressed DTS or Dolby Digital so it will play on the device.
DTS 96/24 would be good for the video section.
»www.dtsonline.com/techno ··· Overview
dbcalo
join:2002-06-05
Chico, CA

dbcalo to Kearnstd

Member

to Kearnstd
high end? all you would need to do with your truck is replace the stock speakers, and if you're reciever is horrible then replace that too!

as far as your altec speakers, i'm afraid computer speakers are just not that great. all you would need to do there is get a reciever and some decent speakers.

for each of those you could do it for under $300 or even $200, depending on the reciever. you would be able to tell the difference on even decent low end speakers, even some good headphones on a portable player! people just assume these things are hilariously expensive for some reason, but if you know where to look, they aren't.

pike
Premium Member
join:2001-02-01
Washington, DC

pike

Premium Member

While there are some wonderful arguments here, you're all missing the point (except Kearnstd See Profile).

I guess I could have been more clear in my post but I thought the article was referring to the casual p2p downloader who listens to his music on his crappy $30 PC speakers. If that's the case then my original question remains - why is there any reason to download any other format than MP3?

I don't think there's many true audiophiles searching the KaZaA and gnutella networks. These folks are too busy buying DVD-A discs and $5000 pairs of speakers.

-Mike

el scorcho
Cupid Stunt
join:2000-12-01
Brooklyn, NY

el scorcho

Member

Re: Who?

said by pike:

I don't think there's many true audiophiles searching the KaZaA and gnutella networks. These folks are too busy buying DVD-A discs and $5000 pairs of speakers.

-Mike
i beg to differ. i've seen an increasing amount of music shared in lossless quality (FLAC, APE, etc.), leaving it up to the person downloading from p2p as to how they want to convert it, be it Ogg, MP3, or to keep it in the lossless format, as many audio players can now read it natively.

BoredofTrade
join:2003-06-29
Wheaton, IL

BoredofTrade to pike

Member

to pike
Exactly... I'm not an audiophile in the slightest bit. I don't care much about how I listen to something as long as there isn't any hissing, popping, or static. Agreed, there are excellent quality products on the market that I would love to purchase for audio, but I would much rather have excellent video quality and a pair of headphones over $2000 worth of audio equipment and a low end television or monitor and graphics card any day. Car audio isn't my field either. I spend about 10 minutes in my car on average per trip. Maybe about an hour a day, total. Television and computer video quality is much more important to me than how my car sounds. Anyway, I'm done.

rodoke
join:2003-10-28
Carbondale, IL

rodoke to pike

Member

to pike
I've been seeing a growth in files being ripped to .ogg format.

Doctor Four
My other vehicle is a TARDIS
Premium Member
join:2000-09-05
Dallas, TX

Doctor Four

Premium Member

Looks like this story made it to Slashdot

Someone at Slashdot posted about this one, heading the
article with "RIAA/MPAA Contractor Deploys Malicious
Adware Trojans". I see Overpeer and Loudeye's IP addresses
getting added to hosts file everywhere, and detections
added to all the major trusted spyware removal applications.

The article (and replies to it) are at:
»it.slashdot.org/it/04/12 ··· 2&tid=17