TechTalk & Personal Computing Guide


TechTalk & Personal Computing Guide
TechTalk & Personal Computing Guide

BEWARE:New Ad Attacks that take over pc

cdesai12 Goldie

Joined: 18 September 2004
Posts: 1900

Posted: 13 January 2005 at 5:10pm | IP Logged

Ads and adware have a new way to get on your PC: via music and video files. We show how they do it and how to stop them.

Andrew Brandt and Eric Dahl

From the February 2005 issue of PC World magazine
Posted Thursday, January 06, 2005

Think you're downloading a new song or video? Watch out--that file may be stuffed with pop-ups and adware.

PC World has learned that some Windows Media files on peer-to-peer networks such as Kazaa contain code that can spawn a string of pop-up ads and install adware. They look just like regular songs or short videos in Windows Media format, but launch ads instead of media clips. When we ran the files, we noted over half a dozen pop-ups, some attempts to download adware onto our test PC, and an attempt to hijack our browser's home page.

You can take steps to guard your PC against this ad invasion (see "Protect Yourself"). But such ads aren't the only ones coming your way: Expect lots more multimedia ads and new networks that track users online to deliver ads that match their interests (see "Ads Get Flashier, More Personal").

Off-Key Experience

A reader initially alerted PC World to an ad-laden Windows Media Audio file, titled "Alicia Keys Fallin' Songs In A Minor 4.wma." We then found two other WMA files and two Windows Media Video files that had been similarly modified. A firm called Overpeer released these files, we discovered.

Overpeer (owned by Loudeye) first made news in mid-2002 by offering its services to record companies looking to stop P-to-P pirates. It creates fake audio files that purport to be popular songs but play only a short loop of the track or an antipiracy message; then the file pops up a window offering the downloader a chance to buy the song. By flooding file-sharing services with spoofed files, Overpeer makes finding real music files more difficult.

Marc Morgenstern, Loudeye vice president and general manager of digital media asset protection, says the files we found come from a different division of the company--one that targets users with promotions or ads based on the keywords they search for on P-to-P networks or in other venues.

Though the two businesses differ, the result is likely the same--a further reduction in the effectiveness of P-to-P networks. Morgenstern characterized Overpeer's actions as just deserts for people who illegally trade copyrighted works for free. "Remember, the people who receive something like [the media adware files], in some cases, were on P-to-P, and they were trying to get illicit files," he says.

Firms Surprised

PC World contacted Microsoft and the seven ad-serving companies whose ads popped up when we ran the Keys audio file. "We're looking into exactly what's going on with this file and checking to see if this particular model is in keeping with the licensing terms for Windows Media [Digital Rights Management]," says David Caulton, group product manager for Microsoft's Windows Digital Media Division. "We wouldn't want to endorse anything that involved delivery of content that appears to be one thing, and then something else is delivered."

Only one of the advertising firms, Kanoodle, responded in time for our article. "Kanoodle stringently vets all prospective partners to determine in advance how they will distribute ourA sponsored links," wrote Lance Podell, the company's president. "As in this case, upon detecting or discoveringA any prohibited distribution activity, we eliminate it immediately." Indeed, Kanoodle's ads no longer appear when we launch the file.

DRM Loophole

A loophole in the Windows Media DRM process allows companies to create ersatz media files and link them to adware. Normally, when you download a protected Windows Media file, you also receive a license that lets you play it. According to Caulton, if Windows Media Player can't find a valid license on your PC, it checks in with a remote system running Microsoft's Windows Media DRM Server.

You'll rarely see that happen. Some files, though, are set up to ask you for information before playing. They sometimes do this by displaying a Web page offering you a chance to buy the file you're playing or inviting you to sign up for a mailing list to get the content free. At least, that's the way it's supposed to work.

But since the license dialog box acts just like an Internet Explorer window, it can display whatever is on the page it points to--whether a legitimate call for license information or a series of pop-up ads.

When we played the modified files, the License Acquisition dialog box showed a page containing ads and quickly spawned more IE windows, each containing a different ad.

Not only did we get bombarded with unwanted ads, but one of the ad windows in a video file tried to install adware onto our test PC surreptitiously, while another added items to our browser Favorites and attempted to change our home page. And a window from the original music file asked to download a file called "," which contained the installer for 180search Assistant, commonly categorized as an adware program.

The media files appear to run once the ads load, but they were devoid of video or music.

First Wave?

The ads in Overpeer's disguised media files may annoy some users. But malicious agents such as hackers and thieves could exploit the DRM loophole to do far worse. For example, criminals could load modified media files with keystroke loggers or other software for taking over your PC.

The difficult part of invading someone's PC is enticing a user to click a link or file to be infected, says Johannes B. Ullrich, the chief technical officer for the SANS Institute's Internet Storm Center, a security group. Hacked media files could give criminals the perfect bait with which to lure unsuspecting users.

Senior Reporter Tom Spring contributed to this report.

Protect Yourself

Prevent bogus files laden with adware or spyware from infiltrating your PC, by taking the following steps.

Change Windows Media Player settings to give you more warning. Select Tools, Options, Privacy and turn off Acquire licenses automatically for protected content. In the future, a dialog box will warn you each time a protected file attempts to get a license and will display the URL from which it will request the license. If you have doubts about the site, choose "No." Changing this setting in Windows Media Player affects any other players you use that support Microsoft's DRM scheme.

Set your browser to, at a minimum, prompt you prior to downloading any ActiveX controls. (In IE, choose Tools, Internet options, Security and click Custom Level.)

Use a pop-up blocker. It won't prevent the initial ad or the first IE window spawned, but it will prevent further pop-ups from appearing on your PC.

Turn on automatic Windows updates to make sure that IE holes are plugged quickly.

Run a firewall, and monitor outgoing and incoming Internet requests.


Ads Get Flashier, More Personal

No longer are online advertisers content to litter your screen with pop-ups, banner ads, and the like--now you're in for a multimedia ad experience. As you've likely noticed when you surf the Web, more sites (including are using ads that play short video clips--like previews for an upcoming movie--or interrupt your browsing by appearing between pages as you surf, or drop down over the content you're trying to access, often with accompanying music or other animation.

In 2004, advertisers spent about 8 percent of their total online advertising dollars on such ads, called rich media ads; that should grow to 25 percent by 2008, according to EMarketer, a New Yorka??based research company. Better video compression and steady growth in the number of broadband users make the ads possible--and you'll be seeing lots more of them.

Web sites claim that they receive far less negative feedback about rich media ads than they do about pop-ups, says Jim Nail, a principal analyst with Forrester Research. People may be less offended by the ads because they usually disappear on their own, and because they tend to be more entertaining than pop-ups, he says.

Many sites cap the frequency of rich media ads, too, in some instances exposing users to a maximum of one such ad per day, Nail says. Advertisers initially did the same thing with pop-ups; later, however, as online marketers grew frantic to bring in more customers, the pop-up floods began.

Targeted Ads

What else is slouching toward you online? "One of the biggest trends right now is behavioral targeting: the ability to identify a user's patterns online and serve them more relevant ads," says Greg Stuart, CEO of the Interactive Advertising Bureau.

Behavioral targeting isn't new. Doubleclick (used by tried and then ended such a service in the late 1990s because irate users feared their online habits were being tracked and matched to their name and postal address. But the most prominent new service, Tacoda's Audience Match Network (launched last November) doesn't identify individuals, say industry analysts.

Tacoda's ads--simple text ads with supposedly high relevance--resemble those developed as part of Google's AdWords program, which displays ads related to the terms a Google user has searched for.

With Tacoda, "users are placed into buckets, depending on their browsing habits, of areas they seem to be interested in," says Dave Morgan, the company's CEO. A user who reads an article at on new cars, for example, may be labeled a car buyer. When she surfs to another Tacoda network site, she may see ads designed for car buyers. "No actual personal information about consumers is used in our service," Morgan says. Nevertheless, Tacoda's network may track users for significant lengths of time, depending on whether the user's classification is a temporary condition, such as car buyer, or indicates a long-term hobby, such as golfing.

According to a company statement, by the end of its launch phase in early 2005, Tacoda expects more than 1000 advertisers and 1000 sites will be using the service.

Because Tacoda uses cookies to track users, employing a cookie blocker should prevent inclusion in the service. No rich-media ad blockers exist yet, but they should appear as these ads become ubiquitous.

-- Liane Cassavoy

anitha.b IF-Dazzler

Joined: 06 September 2004
Posts: 3506

Posted: 13 January 2005 at 5:13pm | IP Logged
thanks cdesai. That is really good information.

Edited by smisha - 13 January 2005 at 5:13pm
pujas Senior Member

Joined: 14 September 2004
Posts: 938

Posted: 13 January 2005 at 5:40pm | IP Logged
Thanks Cdesai. Very good article
nandiinii Senior Member

Joined: 01 November 2004
Posts: 503

Posted: 14 January 2005 at 8:07am | IP Logged
thanks a lot 4 the article..its very nice!!Clap
meghavi IF-Rockerz

Joined: 21 November 2004
Posts: 8263

Posted: 14 January 2005 at 3:33pm | IP Logged
Thank you, the info in the article is very useful!
  • Page 1 of 1

Go to top

Related Topics

  Topics Author Replies Views Last Post
*Imp* Prog Attacks Microsoft AntiSpyware

Author: cdesai12   Replies: 1   Views: 774

cdesai12 1 774 10 February 2005 at 7:48pm by HUMM
Beware: Your PC Can Kill You

Author: cdesai12   Replies: 4   Views: 642

cdesai12 4 642 13 January 2005 at 6:12am by nandiinii
Beware : IE Flaw Exploited

Author: cdesai12   Replies: 2   Views: 699

cdesai12 2 699 12 January 2005 at 6:42am by nandiinii
Virus attacks Cell Phones

Author: pujas   Replies: 6   Views: 1247

pujas 6 1247 13 December 2004 at 4:30pm by rabeeak2003

Forum Quick Jump

Forum Category / Channels

  • Please login to check your Last 10 Topics posted

Disclaimer: All Logos and Pictures of various Channels, Shows, Artistes, Media Houses, Companies, Brands etc. belong to their respective owners, and are used to merely visually identify the Channels, Shows, Companies, Brands, etc. to the viewer. Incase of any issue please contact the webmaster.

Popular Channels :
Star Plus | Zee TV | Sony TV | Colors TV | SAB TV | Life OK

Quick Links :
Top 100 TV Celebrities | Top 100 Bollywood Celebs | About Us | Contact Us | Advertise | Forum Index