Sony Rootkit

Matt

By Matt,
in Spyware/Adware Information

 Share Followers 0

Recommended Posts

Matt

Matt

Posted
Posted

If you have not already heard, recent music CDs produced by Sony-BMG have been found to install a rootkit onto your machine, if inserted into the computer.

A rootkit is software which alters the way the operating system works. The purpose of this is to hide files, folders and processes while they are running on the system. They were used in the old days, long before Windows was created, to take over UNIX computers. With a good rootkit, you can hide any piece of software from all but the most determined search. Today, they are used frequently by trojans, spyware and viruses.

According to Spyware Weekly:

When this CD is put into a Windows computer, a license agreement pops up declaring that a small program will be installed. The license agreement claims that the software will be used to play the music files and to allow you to make a limited number of copies of the music. It also claims that you cannot play the music files without installing the program.

The agreement contains significant omissions. The fact that a rootkit is installed is not disclosed. The fact that device drivers are installed is not disclosed. That these device driver will disable the CD burner if someone attempts to copy the CD is not disclosed. The NT service is not disclosed and in fact, is given a deceptive name: "Plug and Play Device Manager".

This has obviously upset people. Many lawsuits have sprung up, and security companies around the world have promised to help in the removal of this rootkit. Manual removal can be harmful to the working of your computer, specifically the CD drive.

You do not need to install this software in order to play CD music. All current operating systems include at least one media player. In fact, the only way that this statement can be true is if you do install Sony's software. At that point, the software prevents a person from using the music with any software not approved by Sony. If the software is not installed, you can play the music or rip it to your hard drive with any software you like....

...Sony is facing a PR disaster, boycotts, class-action lawsuits and criminal investigations around the world. All of this because of an idiotic decision to tamper with their customers' computers in order to prevent them from exercising their legal fair use rights....

...If you decide to try to remove the software, be extremely careful and make absolutely certain that you make a full backup of your system first. Removing the software incorrectly WILL damage your computer.

Removal tools are being produced, such as this one from Symantec. But, be weary when using these. They have not been found to fully remove the software installed by Sony.

Right now, your best bet is to NOT put any recently purchased CDs on your computer, if made by Sony-BMG.

All information quoted can be found

Here

and

Here

Matt

Link to post
Share on other sites
baker7

baker7

Posted
Posted (edited)

Matt:

Thanks for that information. I think putting a "rootkit" on ANY machines to disable OS functionality is illegal, stupid and harmful. It makes me think of someone who does NOT want us to use our machines as intended, and worse, companies then can make users computers do anything they want them to, which is WRONG. A "rootkit" is nothing more then an excuse for an inept programmer to mess around with the way your computer operates. I consider any "rootkits" to be viruses - PERIOD!

This is because when this rootkit is installed, it opens the door for hackers to take advantage of unsuspecting users - Sony and other record companies could make thier customers very angry, and this blunder could cost Sony and other companies lots of money to correct the problem. I don't care if they protect thier music, but they should not screw around with rootkits and be sneaky to do it. We have enough problems with viruses and spyware/malware without this........

Brian

Edited by baker7
Link to post
Share on other sites
Matt

Matt

Posted
  • Author
Posted

Ah, the saga continues...

Will Sony ever learn?

When it became clear that the public was growing more and more outraged, Sony offered a removal tool. Unfortunately, their removal tool was written as poorly as their rootkit. It is an ActiveX program which installs into Internet Explorer. Anyone with that ActiveX program installed is at risk of any web page using it to install their own software. The uninstaller tool is more dangerous than the rootkit that it was designed to remove.

Someone's in trouble...

Sony-BMG is facing at least three class-action lawsuits, with more possibly on the way. They are being sued by the State of Texas for violating their new antispyware law. An Italian electronic rights group has filed a complaint with the Italian police and are asking for a criminal investigation. The artists whose music Sony-BMG distributes are outraged; and a few music labels are considering taking legal action.

To top it all off, the US Department of Homeland Security is angry at Sony because they discovered that the rootkit was installed on several computers at that agency. Someone at Sony-BMG potentially could go to federal prison over that last one.

Let's break some more laws!

Another interesting discovery was made recently. Some of the software code in the copy protection program was used in violation of the copyright license. They used code from an open source MP3 encoder but failed distribute the source code of their modifications or even to disclose that they had used it. So, it is okay to break someone's copyright, as long as you are doing so to protect your own?

...Rather than showing respect for the people who choose to pay for their music and buy the CD, Sony violates numerous laws and even violates someone else's copyright to install a hidden trojan.

And what does Sony have to say about all this?

"Most people, I think, don't even know what a rootkit is, so why should they care about it?"

- Thomas Hesse, President of Sony BMG's global digital business division.

Could this be the downfall of the electronis super-giant? Also, it has been discovered that recently produced digital cameras contain a version of the rootkit. This prevents you from sharing your photos with anyone. Since when is it bad to share YOUR OWN PICTURES? Sony has seriously hit rock-bottom here.

All information quoted can be found:

Here

More Info

I just found this. It is a list released by Sony of the CDs Containing XCP Content Protection Technology (the rootkit).

Matt

Link to post
Share on other sites
Matt

Matt

Posted
  • Author
Posted

Wow, if true, that would seriously suck. I don't think it will hold up though. Perhaps on pirated games it could work, but used? There are way too many industries devoted to used games. Whenever you go to a mall, you have the option to buy used games; and movie rental stores (not to mention the online gmae rentals) would suffer greatly from this. If that hold through, Sony will lose many business partners and mass-purchase clients.

Matt

Link to post
Share on other sites
Dragon

Dragon

Posted
Posted (edited)
Could this be the downfall of the electronis super-giant? Also, it has been discovered that recently produced digital cameras contain a version of the rootkit. This prevents you from sharing your photos with anyone. Since when is it bad to share YOUR OWN PICTURES? Sony has seriously hit rock-bottom here.

This is not correct. this is a hoax put out by someone who got a little over zealous with the copyright protection issue at hand with Sony.

The following is from a cached page at Sysinternals.com http://www.google.com/search?q=cache:h5dVA...lient=firefox-a

SpannerITWks wrote:

Well would you believe it ? The've been at it again, this time with a Digital Camera !

New Sony Digital Camera Installs Rootkit to Stop Photo Sharing

Los Angeles, CA - Many consumers are complaining about Sony's new Cybershot DSCP515 camera that installs digital rights management (DRM) software on the person's computer so they are unable to share their digital pictures with anyone.

A Sony representative said it was part of its "increased vigilance in combating copyright and trademark infringement."

http://www.bbspot.com/News/2005/11/sony_photo_sharing.html

Spanner

BBSpot is a humour site. 'Twas a joke.

b.

So dont' get all worried about the digital camera issue. bbspot was just doing what they usually do, take a news story and make more satiracal.

Edited by Dragon
Link to post
Share on other sites
Pete_C

Pete_C

Posted
Posted

http://news.zdnet.com/2100-1009_22-5984764.html?tag=nl.e589

Their other copy protection opens dangerous security holes too.

The danger is associated with copy-protection software included on some Sony discs created by a company called SunnComm Technologies. The vulnerability could allow malicious programmers to gain control of computers that have run the software, which is typically installed automatically when a disc is put in a computer's CD drive.

The issue affects a different set of CDs than the ones involved in the copy-protection gaffe that led Sony to recall 4.7 million CDs last month, and which has triggered several lawsuits against the record label.

Link to post
Share on other sites
bearskin

bearskin

Posted
Posted
http://news.zdnet.com/2100-1009_22-5984764.html?tag=nl.e589

Their other copy protection opens dangerous security holes too.

The danger is associated with copy-protection software included on some Sony discs created by a company called SunnComm Technologies. The vulnerability could allow malicious programmers to gain control of computers that have run the software, which is typically installed automatically when a disc is put in a computer's CD drive.

The issue affects a different set of CDs than the ones involved in the copy-protection gaffe that led Sony to recall 4.7 million CDs last month, and which has triggered several lawsuits against the record label.

here it is if you are interested:

http://sonybmg.com/mediamax/titles.html

Link to post
Share on other sites
  • 3 weeks later...
Matt

Matt

Posted
  • Author
Posted

Latest news from Sony, and its lawsuits:

The original lawsuit alleged that SonyBMG's XPC copy protection software violated Texas antispyware laws. The XPC software hid malicious and potentially destructive software with a rootkit, as well as opening a security hole.

A patch intended to remove the rootkit, released by SonyBMG after news of their software became public, turned out to be more harmful than original software. If installed, the XPC patch would have allowed any web site to install any software, regardless of its origins.

Texas now says that a different form of copy protection used by SonyBMG also violates the state's antispyware law, as well as laws against deceptive practices. The updated lawsuit alleges that this other copy protection program, known as MediaMax, is installed on computers even before the consumer is able to choose whether or not to accept it. The Texas Attorney-General says that SonyBMG is misleading consumers by stating that no files are installed, if the agreement is declined.

The MediaMax software also opens a security flaw on infected computers. This security flaw might leave a computer vulnerable to infection by other malicious software.

Texas is now asking that if any of its residents are infected by any form of Sony DRM software to file a complaint at the following location:

https://www.oag.state.tx.us/consumer/complain.shtml

How to determine if SonyBMG's XPC is on your machine:

There are two ways to determine if you are infected:

Option 1:

Go to Start > Run and type cmd

Then, in the command prompt type (including the quotes):

"cd windows\system32\$sys$filesystem"

If you are copable of changing to that folder, you are infected. If the system returns the message: "The system cannot find the path specified.", you are not.

Option 2:

Create a text document, and name it test.txt into My Documents. Once you have saved it, change the filename to $sys$test.txt . Then refresh the folder by pressing F5. If after this is done, and the file has disappeared, you are infected.

If the court decides in favor of Texas, SonyBMG might have to pay up to $100,000 in damages for each violation of the antispyware law and $20,000 in damages for each violation of the deceptive trade practices law. Individuals whose computers were affected by the software also can recover damages.

All information and quoted text can be found here.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Followers 0
Go to topic listing