The Hacker House security experts have warned that downloading and opening Windows DRM-protected files can decloak Tor Browser users and reveal their IP addresses. <\/p>\n
The attacks via DRM-protected multimedia files in Windows have been known for more than 10 years, though until recently, theyve only been used to spread malware. <\/p>\n
Some of the previous attacks tried to make users open and play DRM-protected files. Usually, these files would open in Windows Media Player, and users would see a popup that asked them to visit a URL to validate the files license. <\/p>\n
PC users who agreed were transferred to an authorization URL. However, what users dont know is that hackers could modify these links and point victims to exploit kits or malware-laced files. <\/p>\n
The Hacker House team has found that the pop up asking users if they wanted to visit the authorization URL would only appear for DRM files which have not been signed with the proper tools. <\/p>\n
In case the attacker signed the DRM-protected multimedia files with an official Microsoft SDKs such as Windows Media Encoder or Microsoft Expression Encoder, the popup would not show, and the users player would automatically open an Internet Explorer instance and access the authorization URL. <\/p>\n
According to the Hacker House security experts, the cost of properly signing DRM multimedia files ranges around $10,000, a sum that many low-end malware authors arent willing to pay for such a niche attack. <\/p>\n
Nevertheless, the same thing doesnt relate to determined state-sponsored hackers or law enforcement agencies, who have the financial and physical resources to support such an attack infrastructure. <\/p>\n
For example, law enforcement could host properly signed DRM-protected files on websites pretending to host child pornography. When a user would try to view the file, the DRM multimedia file would use Internet Explorer to ping a server belonging to the law enforcement agency. <\/p>\n
Also, this tactic can be used to target ISIS militants trying to view propaganda videos, illegal drug and weapons buyers trying to view video product demos, political dissidents viewing news videos, etc. <\/p>\n
<\/p>\n
See more here: The Hacker House security experts have warned that downloading and opening Windows DRM-protected files can decloak Tor Browser users and reveal their IP addresses. The attacks via DRM-protected multimedia files in Windows have been known for more than 10 years, though until recently, theyve only been used to spread malware Continue reading
\nWindows DRM Files Deanonymize Tor Browser Users - Virus Guides - Virus Guides (blog)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"