Win DRM hides malicious trojans, RIAA deploys infected music on P2P?

According to PCWorld and TechDirt, Windows DRM contains a flaw that allows for attakcers to create music files that contain trojans that attack your computer when you play them, and moreover, the music industry has hired a company called Overpeer which is flooding the P2P networks with infected fake music files.

Overpeer is the same company that the recording industry has hired in the past to dump fake versions of songs on file sharing networks. What the article doesn't answer is whether or not the industry hired Overpeer to dump spyware on the network as well, but it's likely they're pleased either way. Overpeer defends their actions by saying that anyone obviously deserves what they get because, obviously, they were looking for unauthorized files. It's not clear that everyone would agree. Sneaking malicious files onto someone's computer because "they deserved it!" doesn't seem like a very good justification. What may be even more important to this story, however, is the revelation of just how easy it is, thanks to a huge loophole in Microsoft's copy protection technology, to include a malicious file with an audio or video file. Basically, because Windows DRM needs to look for a license, all anyone needs to do is point that license to a website that loads malicious content and off you go. Thank you Microsoft, for creating a huge loophole that will probably make sure millions of new computers are loaded with spamming, DDOSing trojans shortly.

Link

(Thanks, Alex!)