Ten-year-old Windows Media Player hack is the new black, again

Net scum are still finding ways to take down users with a decade-old Windows Media Player attack. The vector is a reborn social engineering hatchet job not seen in years in which attackers convince users to run executable content through Windows Media Player's Digital Rights Management (DRM) functionality. Windows Media …

  1. Anonymous Coward

    Wait, Windows has a media player?

    I've always used VLC for the simple fact that it's never found a media file it couldn't play unless the file was corrupted at which point it simply rejects it & advises you to find a good copy.

    I'd ask if the Windows media player (WIMP?) is any good but this IS Windows we're talking about.

    /s

    1. Jeffrey Nonken

      Re: Wait, Windows has a media player?

      I use either media player classic (seems lighter weight than VLC, works better on my ageing laptop) or VLC, if mpc won't do the trick.

      WMP isn't a complete disaster, but I always replace it on a new installation ASAP.

      1. Baldy50

        Re: Wait, Windows has a media player?

        Yep me too if VLC can't play then it's dodgy with a capital D and delete the fecker!

      2. Prst. V.Jeltz Silver badge

        Re: Wait, Windows has a media player?

        Media Player Classic ftw!

        It is lighter than VLC, but VLC can sometimes play stuff MFC can't* - and sometimes, but rarely, MFC will play stuff better than VLC.

        The true greatness of MFC though, is the interface.

        roll mouse for volume - AND IT DOESN'T HAVE TO BE HOVERING ON THE VOL CTRL - R U listening VLC?

        double click to get in and out of full screen - single click for pause/play

        that's all you need.

        NO additional bullshit. like that windows abomination.

        Also the numpad stretches or zooms the picture. Why would I want it stretched you say? well if it's been encoded stretched you can correct it.

        ...and if it's too letterboxed you can pick your exact level of cropping / zooming / black bars.

        *and vlc can certainly do many many things that mfc can't - if i had to choose i'd keep VLC, but i don't have to choose, so i go to MFC first

        1. swm

          Re: Wait, Windows has a media player?

          VLC doesn't (currently) play MIDI though.

    2. Anonymous Coward

      Re: Wait, Windows has a media player?

      This Reminds me of El Regs favourite smartphone maker, who's pride and joy had been harbouring one of the nastiest pieces of spyware ever seen, for years, all the while loudly proclaiming how much safer their shinies were, and so worth paying more for, from the top of their ivory towers.

      1. O RLY

        Re: Wait, Windows has a media player?

        @AC, you mean the software written by a company whose stock in trade is making spyware for governments? The software that took advantage of three zero-day vulns which were patched within days of disclosure?

        Yeah, I see the similarities between that and an exploit that's been discussed publicly for at least ten years. They're as similar as "whose" and "who's".

      2. bombastic bob Silver badge
        Devil

        Re: Wait, Windows has a media player?

        windows prior to Win-10-nic had one, yes. Now I think you have to BUY one, or tolerate ads, or something... or download/install VLC.

        in the insider preview, I reported a bug where the metro video player couldn't get aspect ratios right with MKV files, and had sucky video performance [especially compared to VLC]. Solution, get rid of the metro media player. ha ha ha ha ha. The best part is the screen shots I used to report the bug, which I still get a snicker fit over [it's a harmless screen shot comparison for an anime that for SOME reason was quietly removed from tvtropes for no good reason, other than the possibility of SOME people's perception of it, even though it was a 'trope maker' in a couple of cases, and uproariously funny]. I smile with an evil grin. Because I know how SOME people over at politically correct micro-shaft would see that...

        Related, has anyone considered whether or not the infected torrents were submitted for download DELIBERATELY in order to entrap the people that download them? You know, a handful of idiots dumb enough to use windows media player in the FIRST place get cracked by MPAA and others, and their computers held for ransom and/or identified for *STING* operations and intimidating lawsuits...

        [yeah, I saw THAT possibility - a few well publicized examples, and a lot of common people shake in fear over accidentally downloading a pirate copy]

  2. Michael Habel

    So does this affect VLC then?

    1. Hans 1
      Happy

      >So does this affect VLC then?

      Where is your joke icon ?

  3. Mystic Megabyte
    Linux

    Windows media non-player

    Let me guess, it still thinks that an .iso is an unknown file format.

    On a slightly related note I just bought a second hand laptop with Windows 8. I cannot put into words my horror and confusion about this total crock of shite. I've only had a PC since 1987, maybe I'm just not computer savvy enough to use Win 8. Ubuntu to the rescue!

    1. Halfmad

      Re: Windows media non-player

      Fanbois of any kind are a little pathetic.

    2. phuzz Silver badge
      Gimp

      Re: Windows media non-player

      Windows can now just mount ISOs like they were actually CDs (welcome to the 21st century!).

      I'd still use VLC to play anything in said ISO, though of course, I'm not completely crazypants.

    3. bombastic bob Silver badge
      Unhappy

      Re: Windows media non-player

      "Ubuntu to the rescue!"

      OT I was a bit disappointed when I installed Mint 18 Mate (based on Ubu) the other day [to do 'droid dev for a customer project] and *ALL* of the built-in window decoration themes were FLATSO versions. SERIOUS disappoint. I had to search around to figure out how to get non-FLATSO looking min/max/close buttons. It's still possible, thankfully, just not pre-configured. I like bulbous buttons in my window title bar, not FLATSO. My desktop is NOT a feely-slab. [if I want a feely-slab I can get a 'droid one for cheap; they definitely have their use - like being a debug slave for the project - but I prefer my desktops to LOOK like desktops, not like 30" phones]

      but yeah, in ubu you STILL have a choice. it's just getting a bit more difficult to choose what I want.

  4. DrXym

    The culprit is WMV and it never went away

    WMV or Windows Media Video is a container format (like MKV, MP4 etc.). It can contain video, audio and other streams that are encoded by any number of codecs. The flaw is that if Windows Media Player doesn't have the right codec / drm to play the video / audio in the WMV, it will offer to download and install it.

    It's easy to see how this combined with human nature can trick some people into installing a trojan -

    1. New movie appears in a web site claiming to be suicide-squad.wmv (or whatever)

    2. People download and click on it

    3. WMP starts up, offers to download the codecs / drm to play the movie

    4. People click through these popups

    5. Trojan downloads and installs itself using media framework as the bootstrap

    The remedy to this is fairly simple:

    * Don't download videos with a .wmv extension. It is a dead format and nobody would EVER use it unless they had malicious intent.

    * Don't download movies which claim to be self extracting .exes. Chances are they are trojans / malware.

    * Don't download movies which are inside .rar or .zip files. The seeder is trying to prevent you from seeing inside so it's likely malicious in some way, either a trojan, garbage data, or some other kind of trick / scam.

    * The only container formats in common use would be mp4, mkv and avi. The only video codecs in common use would be H264, HEVC/H265 and MP4 ASP. There are less common formats like m2ts, MPEG-2 etc. but these are the prevalent ones.

    * Use a well tested non-default player like VideoLAN to play videos and set the defaults to launch this instead of WMP.

    * Don't install or use software which claims to offer free movies / tv shows unless it comes from a reputable source that has the rights to that content.

    1. kyndair

      Re: The culprit is WMV and it never went away

      Yeah, nice in theory but if people were that sensible scammers would all be penniless street bums. The simple thing is for the media player not to download and run any old code, something MS could have done years ago.

    2. Anonymous Coward

      Re: The culprit is WMV and it never went away

      The culprit is WMV and it never went away

      I think you'll find the core culprit over the years has been quite simply Microsoft. Their management only seem to employ people with security competence to be present at pre-sales presentation, as evidently being far too valuable to allow them anywhere near any software or services.

      Yet another day, yet another Windows/Android problem (delete as applicable).

      1. Prst. V.Jeltz Silver badge
        Flame

        whaaat?

        3. WMP starts up, offers to download the codecs / drm to play the movie

        surely , i mean SURELY , there is a warning message saying.

        "When i download this codec I won't be going to any kind of reputable source, much less Microsoft's own library, no I'll be going to the site recommended by media author 'F1lm H4k0rZ 1s UZ', and site specified is http:\\fhgfruefr.ch/dowloadbadshit.php

        are you sure yes/no"

        What, that doesn't come up? surely that's grounds to sue MS for aiding and abetting criminals?

        1. DrXym

          Re: whaaat?

          "What, that doesn't come up? surely that's grounds to sue MS for aiding and abetting criminals?"

          The same argument could be applied to any social engineering scam although clearly Microsoft are not on the ball with WMV. They should either maintain a whitelist of DRMs they support, or bake them into their product and support no others. There are perhaps 4 or 5 major DRMs in common use and it's not like there is much reason to throw it open to others.

    3. mrbawsaq

      Re: The culprit is WMV and it never went away

      Or just don't use Windows.

      Simple.

      1. Prst. V.Jeltz Silver badge
        Trollface

        Re: The culprit is WMV and it never went away

        Or just don't use Windows.

        you mean "Or just don't use Windows.media player"

        ftfy

  5. David Roberts

    Codec repository?

    If all the codecs were held by a trusted third party then any video which needed a new codec would trigger a connection to the repository.

    Instead you download an illegal ripped copy and then trust it to add stuff to your system. Because it is free. So it must be trustworthy.

  6. Anonymous Coward

    Windows Media Player... an epic piece of software

    Version 6.4 was the last 'good' (I use the term loosely) version of WMP. Later versions were horrid, buggy bloatware, and bundled with an ugly default skin.

    Version 6.4 was also the basis from which Media Player Classic, an open source media player, was developed. From then on it inspired the development of VideoLAN (VLC) and many other media players.

    No matter how bad WMP is, just remember Realplayer. Remember that? You were forced to install that atrocity to open/view .rm videos. And it's riddled with ads. And it constantly nags you to upgrade to 'Pro' or 'Gold' or some paid version of it.

    1. phuzz Silver badge
      Unhappy

      Re: Windows Media Player... an epic piece of software

      "No matter how bad WMP is, just remember Realplayer."

      Screw you buddy, I'd managed to forget Real-so-called-Player until you reminded me, thanks a lot :(

      1. Pascal Monett Silver badge
        Coat

        Those who forget history . . .

        1. VinceH

          ... have the opportunity to relearn it the hard way.

          (I've no idea if it's still as bad as it used to be - but it is still a thing!)

        2. swampdog

          Those who forget history . . .

          ..are doomed to repeat what?

    2. Roland6 Silver badge
      Pint

      Re: Windows Media Player... an epic piece of software

      No matter how bad WMP is, just remember Realplayer.

      Well, I seem to remember that the early versions of RealPlayer (pre v4) were quite reasonable, so perhaps MS are just following the 'leaders'...

  7. Anonymous Coward

    buffering...

    buffering...

  8. Joe Drunk
    Pirate

    noobs are why we have so many botnets

    Anyone who's a regular downloader of movies is not going to fall for this ruse because

    a) they are already using one of many dozens alternate media players

    b) will only download DRM free content. I'm looking at YOU Cinavia (R.I.P.).

    1. JimmyPage Silver badge
      Linux

      Re: (c) they use Linux

      All my downloading is done on a Linux Debian box.

  9. adam payne

    Windows Media Player, wasn't that short for Windows doesn't want to play any Media Player?

    I haven't used WMP since the days of Windows 98, never again.

    Darn it no traffic cone icon, oi Reg we need a traffic cone icon.

  10. MarmiteToast

    Comeback?

    Making a comeback? This never went away.

  11. chivo243 Silver badge
    Devil

    WMP?

    I've never used it... Surprised to hear it's still bundled with Windoze. Shouldn't this one have been taken behind the shed and put out of our MiSery?

  12. Prst. V.Jeltz Silver badge
    Flame

    i tried wmp once. I actually couldn't make it work. It does it now, but a couple of iterations ago dropping a file on it would not make it play the file. How fucking stupid is that?

    It was too busy trying lots of shit i didn't want, like throw ads at me - far too busy to do its fucking job.

    I hate things that have one very simple job to do and fail spectacularly at it. For instance there's a certain type of file shortcut you find on windows that absolutely will not tell you where the file it is pointing at is. A shortcut doesn't have much of a role in life. pretty simple. pretty easy. - start a certain exe when told, and be open to discussion about where said exe is, and possible reassignment to a new exe. but noooo certain ones will not give up the location, much less be reassigned. it's like they're in a union or something.

    Even under harsh interrogation from npp+ or a hex editor they still won't spill it.

    Adobe reader is another example of a simple job turned into a nightmare. I think Adobe are doing it deliberately to take the piss.

    I tried it for audio too. couldn't add an mp3 to make a list, so stuck with winamp (apparently nobody uses that anymore either)

  13. JWLong

    In use for YEARS

    I've been puttin' this on boxes for years, it just works. Can't remember the last time I seen a call for codecs to download.

    http://www.cccp-project.net/

  14. Anonymous Coward

    This is news?

    Sort of "the sky is still blue" news.

    If you download a video, and it's in an archive that has ANY file named "codec", then you delete it posthaste and move on.

    1. Cynic_999

      Re: This is news?

      This article has nothing to do with archives having bundled codecs, it refers to an innocent-looking WMV file that has instructions in its header that will result in WMP downloading & running an EXE file under the guise of installing a necessary codec.
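
Editor's added example, not part of any comment in this thread: the header-borne DRM data that Cynic_999 and DrXym describe can be inspected without opening the file in a player, by walking the ASF (WMV) header and reporting any Content Encryption Object and the license URL it carries. The GUIDs and field order are taken from the ASF specification as understood here; `drm_objects`, `read_field` and `build_sample` are hypothetical names, and the sample header and its URL are constructed.

```python
import struct
import uuid

# Object GUIDs as given in the ASF specification (stored on disk in bytes_le order).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E")
EXT_CONTENT_ENCRYPTION = uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C")


def read_field(buf, pos):
    """Read one DWORD-length-prefixed field; return (value, next position)."""
    if pos + 4 > len(buf):
        raise ValueError("truncated DRM object")
    (length,) = struct.unpack_from("<I", buf, pos)
    end = pos + 4 + length
    if end > len(buf):
        raise ValueError("field overruns its object")
    return buf[pos + 4:end], end


def drm_objects(data):
    """List (kind, license_url) for each DRM object in an ASF/WMV header."""
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER:
        raise ValueError("not an ASF/WMV file")
    header_size, count = struct.unpack_from("<QI", data, 16)
    limit = min(header_size, len(data))
    pos, found = 30, []            # 30 = GUID + size + count + 2 reserved bytes
    for _ in range(count):
        if pos + 24 > limit:
            break                  # header truncated; report what was seen
        guid = uuid.UUID(bytes_le=data[pos:pos + 16])
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < 24 or pos + size > limit:
            raise ValueError("corrupt object size")
        body = data[pos + 24:pos + size]
        if guid == CONTENT_ENCRYPTION:
            p = 0
            for _skip in range(3):     # secret data, protection type, key ID
                _unused, p = read_field(body, p)
            url, p = read_field(body, p)
            found.append(("content-encryption", url.rstrip(b"\0").decode("ascii", "replace")))
        elif guid == EXT_CONTENT_ENCRYPTION:
            found.append(("extended-content-encryption", None))
        pos += size
    return found


def build_sample(url):
    """Constructed header-only input with one Content Encryption Object."""
    def lp(b):
        return struct.pack("<I", len(b)) + b
    body = lp(b"\0" * 4) + lp(b"DRM\0") + lp(b"constructed-kid\0") + lp(url + b"\0")
    obj = CONTENT_ENCRYPTION.bytes_le + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER.bytes_le + struct.pack("<QIBB", 30 + len(obj), 1, 1, 2) + obj
```

An empty result means the header carries no DRM object; any reported URL is where a player would be sent for a license, so a host that is not a known licensing service is a reason to quarantine the file.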

  15. Nolveys

    Improving Security

    An academic study last month found 90 percent of users will ignore security warnings if they are slightly distracted, meaning developers should throw messages only when their application has the user's undivided attention.

    A pneumatic piston with a boot attached to the end, mounted to the underside of the user's desk might solve this problem. Simply fire it at the user's groin prior to displaying security warnings.

    1. Fatman
      Joke

      Re: Improving Security

      <quote>Simply fire it at the user's groin prior to displaying security warnings.</quote>

      And repeat several times if the (l)user is in manglement.

      1. Nolveys

        Re: Improving Security

        And repeat several times if the (l)user is in manglement.

        In that case you would want a second device, aimed at the user's head and operating continuously.

  16. Anonymous Coward

    What!!

    Can't believe peeps still fall for this standard attack

    Install Klite with MPC and you're done

    If something asks for a codec then it's a virus, simples!

  17. dol
    Trollface

    In its place are legitimate BluRay rips of War Dogs

    That word, legitimate. I don't think it means what you think it does.

    1. fedoraman
      Joke

      Re: In its place are legitimate BluRay rips of War Dogs

      That's right folks - just stick to legitimate torrents and you won't have this problem!
