The recording industry may be publishing spyware-infested copies of their songs on P2P networks, according to a PC World story by Andrew Brandt and Eric Dahl.
The files are encoded in a Microsoft file format. When the user plays such a file, the user’s browser is forced to visit a URL contained in the file. For the files at issue here, the page at that URL uses various spyware-insertion tricks to try to infect the user’s machine with standard spyware programs.
Ben Edelman reports that when he clicked on one such page, “My computer quickly became contaminated with the most spyware programs I have ever received in a single sitting, including at least the following 31 programs…” Ed Bott notes that fully patched systems won’t catch spyware from this file unless the user foolishly accepts downloads; but Ben Edelman argues that the files try to mislead the user into accepting the downloads, and in any case we know that users often are fooled by such tricks.
Even more interesting, PC World reports that, for at least one such file, the spyware-distribution page is hosted by Overpeer, a company that does lots of business with the recording industry. (It’s not clear whether the particular file Ben Edelman studied had any relation to Overpeer.) Overpeer, for example, is paid by the recording industry to spread spoofed files on P2P networks, in the hope that P2P users will download the fake files rather than real (infringing) ones.
The really interesting angle here, to me at least, is who approved the release of these spyware-bearing audio files onto P2P nets. It sure looks like Overpeer created the files. Did Overpeer release them? That would seem likely.
If Overpeer did release these copyrighted songs onto P2P nets, did they have the permission of the record companies that own the copyrights on the songs? If not, then Overpeer is a P2P infringer. It seems unlikely that Overpeer would take this risk, especially since the files contain a URL that points right back to Overpeer.
So it seems more likely that the record companies gave permission. If so, is it fair to say that these particular files, which contain copyrighted music, are circulating on P2P nets with the copyright owners’ permission? And what does this say about the record industry’s incessant argument that P2P nets distribute spyware?
All of this is speculation, of course. We don’t know for sure who did or didn’t participate in the files’ release. But it’s hard to see a scenario that makes both Overpeer and the record industry look good. There’s a nice investigative reporting opportunity here.
[Updated at 1:40 PM to clarify that the file tested by Ben Edelman might not be one of the files related to Overpeer. Thanks to Ben for his comment pointing this out.]
[Read the comments on this post – they’re particularly good.]