Computer Crime Research Center


Microsoft products fail spyware tests

Date: March 04, 2005
Source: Computer Crime Research Center
By: CCRC staff

After two months of promising to update its media player and block the threat of malware infection in it, Microsoft officials on Tuesday admitted that WMP 9 users are exposed to the risk. When the first flaws were detected in the beginning of January, Microsoft made it clear that the use of rigged .wmv files to exploit the DRM (digital rights management) mechanism was not a software flaw.

In a week, the company reversed and promised new versions of WMP within one month. "While this issue is not the result of any exploit of Windows Media DRM, we do recognize it may cause problems for some of our customers," the company said in a statement. To help remove these problems, Microsoft said the software would be fixed to "allow the end-user more control over when and how any pop-ups display in the license acquisition process."

February 15, Microsoft released two WMP updates which, according to officials, covered the malware infection scenario. Even the language in Microsoft's update pointed to the addition of "integrity checks to the DRM system."

However, security experts quickly found that the late WMP update did not fix the problem. Researchers tested the updated WMP9 on Windows XP SP2 and found that the spyware infection threat still remained. Regrettably, and quite surprisingly, the update didn't not seem to solve the problem, Harvard University researcher Ben Edelman said. Microsoft first claimed they were testing the wrong WMP update and pointed everyone to a separate February 15 update to the WMP 10 software.

The company made no mention of a spyware infection, but a spokesperson confirmed the new version of the player was released after Microsoft confirmed that malicious hackers were using the copy-protection mechanism to install spyware, adware, dialers and computer viruses on unsuspecting PC users.

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-09-02 01:32:16 - Very nice Milen
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo