10 Year old design flaw in Windows Media Player still abused for malware distribution

A flaw in the design of the Windows Media Player DRM implementation is abused by cybercriminals to distribute malware. The method exists for more than 10 years, the first time abuse of the flaw was discovered was in 2005.

myce-windows-media-player-drm-warning

ADVERTISEMENT

Abusing the Windows Media Player DRM is possible when users have downloaded malicious video files from e.g. Bittorrent sites. When the video file is opened, Windows Media Player warns that the user doesn't have the necessary rights to play the file. It then shows an URL where the users can obtain those rights and asks the user whether he wants to visit that site.myce-download-video-fix

Legitimate content producers can use this to make it easy for their customers to obtain  a license by simply clicking 'Yes'. In legitimate cases this would open a site where users can purchase a license.  Cybercriminals abuse this feature to direct users to a website where they offer malware disguised as e.g. video codecs or 'video fix' software.

No posts to display