MPAA Sends Out Malware

The Motion Picture Association (MPAA) is sending out malware to universities.

Brian Krebs of the Washington Post details on MPAA's attempt to provide software to US university's to "help" them to track illegal movie downloads. Unfortunately, the MPAA's program opens up some big security holes in a university that installs the software. Mr Krebs analyzed the software (with some help) and "What we found was that depending on how a university's network is set up, installing and using the MPAA tool in its default configuration could expose to the entire Internet all of the traffic flowing across the school's network. "

And another problem they found "The MPAA overview of the toolkit stresses that the software does not communicate any information about a university's network back to the association. But in its current configuration, the very first thing the toolkit does once it is fired up is phone home to the MPAA's servers and check for a new version of the software. So, right away, the MPAA knows the Internet address every computer that is running the software."

Mr. Kreb's article here: http://blog.washingtonpost.com/securityfix/2007/11/mpaa_university_toolkit_opens_1.html

Be careful of horses bearing gifts.