SECURITY NEWS: Sony & Rootkits

[TechZ]

Sony Installs 'Rootkits' On Users Machines -

In what's set to be 2005's hottest story yet Sony have been found to install illegal Trojan horse-based digital restrictions management (DRM) technology that installs itself as a rootkit on Windows PCs. Users who purchase certain Sony Music CDs from online stores like Amazon are subject to this rootkit being installed on their machines. According to Sysinternals' Mark Russinovich the kit installs itself in hidden directories and attempts to mask its existence as "Essential System Tools". What's more fun is that attempting to remove the rootkit with common tools that perform a RKR scan will render a Windows XP machine useless. "Users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," Mark wrote in an online blog entry yesterday.

More Links: SecurityFocus.com

World of Warcraft hackers using Sony BMG rootkit -

World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software--deemed a "rootkit" by many security experts--is shipped with tens of thousands of the record company's music titles. Sony is offering a "patch" that can be of assistance in ousting this ugly bug. This patch can be downloaded from the Sony BMG's Web site. In addition, another patch is available for anti virus vendors only. Unfortunately, this patch will not remove the DRM, it just makes it visible, you still have to manually get rid of it.

[NooNoo]

Hmmm I wonder where they got the idea....

[TechZ]

The fallout continues over Sony BMG Music Entertainment's controversial XCP copy protection software, with an Italian digital rights organization now taking the first step toward possible criminal charges in the matter. Separately, security vendor Computer Associates International said today it is now classifying Sony's software as spyware and will begin searching for and removing XCP with its antispyware software, starting on November 12.

A group based in Milan called the ALCEI-EFI (Association for Freedom in Electronic Interactive Communications - Electronic Frontiers Italy) filed a complaint Friday about Sony's software with the head of Italy's cyber-crime investigation unit, Colonel Umberto Rapetto of the Guardia di Finanza. The complaint alleges that XCP violates a number of Italy's computer security laws by causing damage to users' systems and by acting in the same way as malicious software, according to Andrea Monti, chair of the ALCEI-EFI. "What Sony did qualifies as a criminal offense under Italian law," he said in an e-mail interview.

Full story: PC World

[TechZ]

Microsoft 'Concerned' by Sony DRM

Microsoft Corp. is concerned about rootkit features in CDs from Sony BMG artists and is evaluating the situation to see if any action needs to be taken, a spokesperson said. The Redmond, Wash., software maker said that the security of its customers' information is a "top priority" and that the company is concerned by software like that deployed by Sony to block illegal CD copying.


However, unlike other security software vendors, Microsoft hasn't decided whether to take more aggressive action against the product, such as detecting and removing it from systems, the spokesperson said. Sony's rights management technology, which it calls "sterile burning," shipped on CDs by around 20 Sony BMG artists and is installed along with a custom media player that must be used to play the songs on a Windows PC.


Editor of Dutch webzine WebWereld, Brenno de Winter, has taken some time to take a closer look into Sony's 'Rootkit'. He states: "The spyware that sony installs on the computers of musicfans doesn't seem to comply with copyrights." As it seems, certain pieces of code are identical to LAME, an open source mp3-encoder. An anonymous expert, figured out the CD 'Get Right' by 'Van Zant' contains strings from the library version.c from Lame. He stubled upon: "http://www.mp3dev.org/", "0.90", "LAME3.95", "3.95", "3.95 ".

This discovery could imply major consequences for Sony.

Full story: eWEEK | Bink

Antivirus firms target Sony 'rootkit'

Antivirus companies are releasing tools this week to identify, and in some cases remove, copy protection software contained on recent Sony BMG Music Entertainment CDs. The software has been identified as a potential security risk. The Sony software, found on several of the company's recent albums, is triggered by playing one of the CDs in a PC. From the CD drive, the software installs itself deeply inside a hard drive and hides itself from view. This cloaking technique could be used by virus writers to hide their own malicious software, security experts have said.

There is a range of opinion among security companies about how much risk the software poses, from those who consider it no worse than an adware pest to those who view it as potentially dangerous spyware. Symantec said Wednesday that its antivirus software would identify the Sony software, but would not remove it. Instead, it will point to Sony's own Web site, where users can get instructions for uninstalling the software or download a patch that will expose the hidden components.

Full story: C|Net News

Sony President: Rootkit of No Concern

In an interview with NPR late last week, Sony BMG's Global Digital Business President Thomas Hesse downplayed the recent DRM fiasco saying he objected to terms such as malware, spyware and rootkit. "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said.


Hesse acknowledged that the controversial First 4 Internet technology that installs and "cloaks" the DRM software without a user's permission shipped on about 20 CDs. But "no information ever gets gathered about the user behavior," he claimed. "This is purely about restricting the ability to burn MP3 files in an unprotected manner."

News source: BetaNews

[rgharper]

In an interview with NPR late last week, Sony BMG's Global Digital Business President Thomas Hesse downplayed the recent DRM fiasco saying he objected to terms such as malware, spyware and rootkit. "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said.

So ... "Most people, I think, don't even know what the H5N1 virus is, so why should they care about it?", I says.

Bloomin' idjits.

[Ferrit]

So most people wont care when a hacker uses the rootkit to seize the pc and have it help break into a financial institute and say steal credit card numbers.

No hes right I am sure no one will be concerned.
:butt:
And they allow people with this type of mentality to actual hold a position of power?

[NooNoo]

Guess Sony is in for a shock then... if that software is as broke as it appears to be, people will be caring very much indeed and sending their repair bills to sony...

Oh wait.... go right on denying it sony, you can pay for the techs gravy train for a while!

[slgrieb]

Sony seems to be headed for their second class action lawsuit already. too bad. too sad.

[TechZ]

Sony faces Californian class-action suit & likely a 2nd US suit

With the serious issues Sony has caused with its CD's rootkit based DRM technology, they now face a class-action Californian lawsuit and as well as a 2nd nation-wide US lawsuit, which is expected to be filed in a New York court
Sony sued over Playstation, PSP

But Sony is also being sued by a firm which alleges it has breached multiple patents with its Playstation and PSP.

EMI quick to distance itself from Sony over Rootkit DRM

EMI publicly announced that any DRM software they use can be easily removed if the user does not want to listen to the cd anymore. EMI reiterated that its DRM program does not leave traces of itself on the users system and does not run in the background. EMI has also publicly distanced itself from First 4 Internet the company that developed Sony's DRM rootkit, saying that they were not working with First 4 Internet. Though EMI did say that they were trialling other content protection from companies such as Macrovision's, SunnComm and Sony.

Sony's Smaller Patch Brings Up "Blue Screen Of Death" & VIRUS!

Sony BMG Music Entertainment on Tuesday re-issued the patch that reveals the copy-protection files some of its audio CDs install on PCs, but continued to be blasted by security experts outlining more details of the under-fire technology. The revised patch, which Sony labeled "Service Pack 2a," differs from the original released last week only in size; it's a third as large, weighing in at 1.5MB compared to the first version's 3.6MB. In related news, the first virus exploiting the incredible Sony DRM CD protection rootkit has been spotted! Breplibot.b is a file 10240 bytes in size, packed using UPX. When launching, the backdoor copies itself to the Windows system directory as $SYS$DRV.EXE. Using this name makes it possible for the Sony rootkit technology to be used to hide the activity of the malicious program. Of course, the backdoor's activity will only be hidden if DRM protection, as used on some Sony Audio CDs, functions on the victim machine.

Computer Associates blacklists Sony DRM

Computer Associates has officially blacklisted the Sony BMG XCP Technology that the record label bundles with several of its audio CDs. CA's PestPatrol anti-spyware application now offers users the ability to remove the application, which it refers to as a Trojan horse.

Sony suspends controversial CD production

Sony is to suspend production of CDs using its controversial content protection technology, currently being exploited by a Trojan virus. The technology employed by Sony to protect its music from illegitimate use was picked up by security software as a rootkit which hid files from Windows and made them impossible to detect. But simply using letters '$sys$' in a filename means that any such file will be hidden, even malicious files. And this is exactly what has happened with the latest virus.

Sony says it has 'swiftly provided a patch to all major anti-virus companies and to the general public that guards against precisely the type of virus now said to exist' and that the virus poses no threat when these CDs are played on conventional CD and DVD players. The patch can be downloaded from the Sony website. The effectiveness of this patch has been called into question by the researcher who first discovered the 'rootkit' problem.

Full story: PC Pro | Download patch

'Bots' for Sony CD software spotted online

A first wave of malicious software written to piggyback on Sony BMG Music Entertainment CD copy protection tools has been spotted online, computer security companies said Thursday. The first version of a Trojan horse spotted early Thursday, which aims to give an attacker complete remote control over an infected computer, didn't work well. But over the course of the day, several others emerged that apparently fixed early flaws.

"This is no longer a theoretical vulnerability, it is a real vulnerability," said Sam Curry, vice president of Computer Associates' eTrust Security Management division. "This is no longer about digital rights management or content protection, this is about people having their PCs taken over."

Full story: C|Net News

[rgharper]

Latest Development: Microsoft will include the Sony Rootkit in December in both their Malicious Software Removal Tool and the Microsoft Anti-Spyware product:

http://blogs.technet.com/antimalware/

[Ferrit]

Its dam well about time someone called a spade a spade.
I hope after this fiasco the person responsible is put out of their misery.
An example needs to be made to send a clear message to anyone or any company in future considering this type of thing
Thank you Microsoft.
(man i never thought I would say that

[NooNoo]

Oh the glee!

[TechZ]

Microsoft Corp. will start deleting the rootkit component of the controversial DRM scheme used by Sony BMG Music Entertainment. The software giant's Windows AntiSpyware application will be updated to add a detection and removal signature for the rootkit features used in the XCP digital rights management technology.

According to Jason Garms, group product manager in Microsoft's Anti-Malware Technology Team, the rootkit removal signature will be pushed out at Windows users through the anti-spyware application's weekly signature update process.

Full story: eWeek

[confus-ed]

Mmmm ..

As far as I can follow the copy protection mechanisms, M$ removing the rootkit, will mean that users of these sony disks won't be able to play them, without re-installing s/w &/or a patch - so somebody won't be popular either way ..

[Pirate Mode] Aarrrrrrrr it be the Curse of DRM ! It be ! Aaaarrrrrrrr ! .. RIP DRM says I, aaaaaaaaaaaaaaarrrrrrrrrrrrrr [oh yeah, end mode, aar-aaa-ha-ha! ]

[NooNoo]

I am sooo glad this is all biting them on the derriere... now maybe they will sit down together as an industry and work out a way of protecting copyright without foulling up someone's computer. If the industry 15 years ago had used the internet as a point of sale instead of denying it's existence as "here be pirate dragons" by now we would have all had a system that works.