RIAA Says Worm Advisory Was A Hoax

By George V. Hulme, InformationWeek

An advisory sent Monday to security mailing lists claiming the Recording Industry Association of America had contracted a group of hackers to create a worm to infect peer-to-peer file-swapping networks is a hoax, the organization that represents music publishers said Wednesday.

"These claims are absolutely false," says a spokesman for the RIAA.

The security group, which calls itself Gobbles Security, sent the hoax to Symantec's BuqTraq mailing list and the vulnerability-tracking site VulnWatch. In the advisory, Gobbles claimed it was "recruited by the RIAA (riaa.org) to invent, create, and finally deploy the future of antipiracy tools. We focused on creating virii/worm hybrids to infect and spread over p2p nets." The group also claimed it had developed a hydra worm capable of infecting many common media players, including Microsoft Media Player and WinAMP.

"It took us about a month to develop the complex hydra, and another month to bring it up to the standards of excellence that the RIAA demanded of us," Gobbles wrote.

Users of these media players need not worry about the worm, as the claim of its development is apparently false. However, Gobbles does say that it found a vulnerability in an open-source media player known as MPG123.

Since last summer, the RIAA.org Web site has been hit with a number of attacks, including a denial-of-service attack that made the site largely unavailable for a few days. The site also has been defaced.

While users of the popular media players may not need to worry about getting infected from the worm Gobbles claims to have developed, a bill which would legalize system attacks by copyright owners is under consideration. If a bill sponsored by Reps. Howard Coble, R-N.C., and Howard Berman, D-Calif., makes its way into law, copyright owners would have great leeway to do things that would currently send hackers to prison. The bill would let groups such as the RIAA disable, block, or impair publicly accessible file-swapping networks if copyrighted material was being illegally traded on those nets.

Attacks against the RIAA Web site proliferated shortly after the introduction of the bill in July.