News source: neowin.net

In what's set to be 2005's hottest story yet Sony have been found to install illegal Trojan horse-based digital restrictions management (DRM) technology that installs itself as a rootkit on Windows PCs.

Users who purchase certain Sony Music CDs from online stores like Amazon are subject to this rootkit being installed on their machines. According to Sysinternals' Mark Russinovich the kit installs itself in hidden directories and attempts to mask its existence as "Essential System Tools".

What's more fun is that attempting to remove the rootkit with common tools that perform a RKR scan will render a Windows XP machine useslesss. "Users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," Mark wrote in an online blog entry yesterday.

So what exactly is Sony playing at? Installing rootkit software that's not identified in its EULA and rendering machines useless if users try to remove the software! This is taking the RIAA effort a little too far.


View: Sysinternals blog entry




So basically, its safer to download an illegal cd than to buy one.

I'd say a ban on any Sony CD is in order. They think illegal downloads are hurting their sales? What do they think this kind of thing is going to do to them?

I can smell trouble brewing in "Hooterville".

Indeed, Mr. Haney is up to something!

He's in leage with Arnold the pig.

I posted the same thing last night in the "Cracking CD Copy Protection" thread of Joseph's since it dealt with copy protected cds

Spooky stuff, huh.

yep Just in time for Halloween to

News Source: neowin.net

Sony Back Down Over Copyright Protected CD “Viruses”

It has been reported by the BBC that Sony have come under fire after their XCP software, which is used to make CD’s unusable by media players in windows, was referred to as “malware”. Sys Internals owner Mark Russinovich came across some rootkits when searching his computer. He was confused as to where these had come from, as he only uses trusted software and browses the web safely.

Mr Russinovich said "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall," In his blog, and also stated that when accepting the license agreement it made no mention that the software could not be uninstalled or of the significant changes that the programme made to his computer.

Sys Internals, whose software offers users the ability to search for rootkits say that users trying to remove the XCP rootkits could wreck their system. Sony has responded to this by offering a form which is sent to customer services, who will respond with software that will enable you to remove this software. XCP is currently being used on over 20 titles, equating to more than 2 million discs sold with the XCP software.

View: XCP Uninstall Software Form

Yeah, I read about this, can it be legal?

Unbelievable.
How on earth did they think they would get away with this sort of tactic?
I guess I`ll be looking closely at what I buy from now on.

It would be legal if they had put it in an EULA, but evidently they did not.

news source neowin.net

Last week we reported on the hidden files that some Sony CDs install on Windows machines, quoting Sys Internals concerns that the software and files could not be easily removed. Facing unrest from the masses Sony issued a uninstall patch, but Sys Internals Mark Russinovich was unimpressed.

Following that Russinovich did more research into the hidden files, and even posted a screen shot of a ‘Blue Screen of Death’ with the cause being one of Sony’s hidden files. This backed up his point that the file could lead to system instability. Speaking about the creators of the copy protection software Russinovich said "Because the software that installed the rootkit is hidden when Windows is running (in this case Sony’s software), and even if exposed not clearly identified, if an application triggers one of [the driver's] bugs a user would have no way of associating the driver responsible for the crash with any software they have installed."

Following more concern Sony has released a revised patch, which they have called Service Pack 2a, which is now over half the size, and can be downloaded directly.

Updated sysinternals blog

Sony service pack 2a

You know it had to happen.

News source: theregister.co.uk

First Trojan using Sony DRM spotted

"Roots you, Sir
By John Leyden
Published Thursday 10th November 2005 13:25 GMT
Get breaking Security news straight to your desktop - click here to find out how

Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs.

Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory.

"This means, that for systems infected by the Sony DRM rootkit technology, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit," warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro

The malware arrives attached in an email, which pretends to come from a reputable business magazine, asking the businessman to verify his/her "picture" to be used for the December issue. If the malicious payload contained in this email is executed then the Trojan installs an IRC backdoor on affected Windows systems.

Romanian anti-virus firm BitDefender confirms that the malware is in the wild but a full technical analysis of the Trojan is yet to be completed. The response of anti-virus firms, some of which have only promised to flag up rather than block system changes made by Sony-BMG's rootkit, remains unclear. ®



Also in the news:

News source: EFF

"Sony-BMG Rootkit: EFF Collecting Stories, Considering Litigation
November 09, 2005

EFF is collecting stories from EFF members and supporters who have purchased Sony-BMG CDs that contained the "rootkit" copy protection software. We've previously posted at least a partial list of CDs infected here

We're considering whether the effect on the public, or on EFF members, is sufficiently serious to merit a lawsuit.

If you satisfy the following criteria, we would like to hear from you:

1. you have a Windows computer;
2. First 4 Internet's "xcp" copy protection has been installed on your computer from a Sony CD (for more details, see our blog post referenced above or SysInternals blog);
3. you reside in either California or New York;
4. you are willing to participate in litigation.

We have not made any final decisions about filing any legal action, but we would like to hear from music fans who have been harmed by the Sony-BMG "rootkit" copy protection technology. Please contact allison@eff.org.
"

EFF wants your help to sue Sony

News source: Eweek

Microsoft to Zap Sony DRM 'Rootkit'

By Ryan Naraine
November 12, 2005


"...Microsoft Corp. will start deleting the rootkit component of the controversial DRM scheme used by Sony BMG Music Entertainment.
ADVERTISEMENT

The software giant's Windows AntiSpyware application will be updated to add a detection and removal signature for the rootkit features used in the XCP digital rights management technology.

According to Jason Garms, group product manager in Microsoft's Anti-Malware Technology Team, the rootkit removal signature will be pushed out at Windows users through the anti-spyware application's weekly signature update process.

Detection and removal of the XCP rootkit will also appear in Windows Defender, the next version of Windows AntiSpyware when that makeover ships.

"We also plan to include this signature in the December monthly update to the Malicious Software Removal Tool [and] it will also be included in the signature set for the online scanner on Windows Live Safety Center," Garms announced in an blog entry.

Garms said an analysis of the XCP software that ships on about 20 Sony BMG Music CDs led to the determination that zapping rootkit would protect Windows users.

"We are concerned about any malware and its impact on our customers' machines. Rootkits have a clearly negative impact on not only the security, but also the reliability and performance of their systems," Garms added.

He said an "a set of objective criteria" was used to make the decision to classify the XCP software for detection and removal by the anti-malware technology.

The Microsoft move comes 24 hours after Sony announced it would stop production of music CDs that use the XCP technology and re-examine its DRM initiative to make sure it has balanced ease of use for consumers with security.

The XCP technology, created by U.K.-based First 4 Internet Ltd., manipulates the Windows kernel to make it almost virtually undetectable on Windows systems and nearly impossible to remove without possibly damaging the Windows operating system."...

News Source: security.ithub.com


Sony's DRM Rootkit Comes in Mac Flavor, Too

"Sony's DRM Rootkit Comes in Mac Flavor, Too
By Larry Loeb
November 11, 2005
Opinion: Sony says it will discontinue distribution of its DRM software, which could pose a "rootkit" security threat to users. But does that include the OS X version?

Sony is reportedly pulling its digital rights management "rootkit" from the market. But it isn't reporting everything.

"The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players," Reuters reported today. There's just one problem with that statement: it happens to be flat-out wrong. While the XCP version of copy protection is for Windows, there is another Mac-only version of copy protection installed by Sony/BMG CDs.

To establish this point, one simply has to refer to a poster on the popular Macintosh site MacInTouch. The poster notes that Imogen Heap's new CD, "Speak for Yourself," on RCA Victor (a BMG subsidiary), has an extra partition for "enhanced" content. Along with Windows files, there is a Mac file present called "Start.app."

When run, a EULA is first displayed (which does inform the user that software is going to be installed without saying exactly what that software will do).

The user then is prompted by the program for a user name and password. After that information is provided, the program seemingly quits. However, it actually installs two kernel extensions, PhoenixNub1.kext and PhoenixNub12.kext, in the OS X system files.

These turn out to be part of a DRM codebase developed by SunnComm.

According to the SunComm Web site, their MediaMax DRM allows for a limited amount of CD burns from the source material, and then will block further copying. The DRM also can make time-expiring (or number-of-play-expiring) copies of the tracks.

Repeated calls to SunComm for comment were not returned by the time this article was posted.

So, while Sony may be backing down from its acts regarding Windows modification, it is yet to be seen whether the recent firestorms will cause it to pull the DRM installed on Macs."


At least they didn't just pick on Windows.

There goes all that crap about being safe if you play the stuff on a Mac I just heard Amanda tell me that on the new Rocketboom that I downloaded today I wonder if she will pick up on that story now the Mac is no longer safe

I think to stop this sneaky crap , everyone should just QUIT buying music for one month world wide !!!
What pisses me off , this BS was said about Reel-to-Reel , 8-tracks , cassettes , and no big Money losses ! So whats the big deal with the internet ???
I remember as a kid dozens of copied music cassettes were traded with one another .
Is it because of the quickness & quality of copying CD's with the PC the reason of all the Hoopla ? or just the Record labels Creating the BS pool & have a way now to find with ease the people copying the music over the Internet???

They figure if they can sue you, they can make extra bucks. And if they can't they'll give you a little something to remember them by.

Its sad the world has become SUE happy , for anothers benefit
just big money bullying the little guy , like I mentioned before , just quit buying music , before to long the bands will get together and build their own record label and make it work !
I think keeping the copying in the news just makes people more spitefull and do it just for spite !!!

Full list of Sony's CD's with XCP Copy Protection
http://cp.sonybmg.com/xcp/english/titles.html

Good find.

Read This

It seems like you could also just scratch the out edge of the disc and permanently damage the 2nd session area of the disc where the offending software lies.

Or just disable autoplay/hold down the shift key.

Where's the fun in that? I want actual damage.

Damage you want? Well it's possible that with a piece of tape, you might cause a rotation problem with the balance of the disk and damage your drive?

That's why i suggest damaging the offending disc and not the drive itself.

Hey, why not get a two fer one?

New Sony CD security risk found

Sony BMG Music Entertainment and the Electronic Frontier Foundation digital rights group jointly announced Tuesday that they had found, and fixed, a new computer security risk associated with some of the record label's CDs.

The danger is associated with copy-protection software included on some Sony discs created by a company called SunnComm Technologies. The vulnerability could allow malicious programmers to gain control of computers that have run the software, which is typically installed automatically when a disc is put in a computer's CD drive.


The issue affects a different set of CDs than the ones involved in the copy-protection gaffe that led Sony to recall 4.7 million CDs last month, and which has triggered several lawsuits against the record label.


The list of affected cds can be found at http://sonybmg.com/mediamax/titles.html

WTF?! Is Sony becoming the new Microsoft? This sounds just like every single Windows Update page that I've ever seen. "We've identified a security flaw that could allow someone to gain control of your system." blah blah blah. Now you can't even listen to a CD without the possibility of getting screwed.

I've been closely examining cd's I own and intend to buy. I'm giving anything with "Sony" on it a big strawberry.

Yeah, any Sony artist will be SOL in my book.

Looks like Sony is looking to settle as they just sent me an email on what is happening. If anyone has been affected by Sony's cds , they can go to http://www.sonybmgcdtechsettlement.com/ to see what it takes to file a claim.

The cds are listed at http://www.sonybmgcdtechsettlement.com/CDList.htm , so if you have one of those then you can more then likely file a claim safely. Make sure to read the first link I provided carefully as that tells you what hoops you need to go through to file a successfull claim

I hope it was worth it...dumbasses. How much will all the settlements cost them as opposed to the money they saved in piracy?

Looks like LavaSoft, the makers of Ad Aware has released a sony rootkit remover You can check it out at http://www.lavasoftusa.com/software/rootkit/

This should help out those worried they could not remove the crap sony put on their computer

Good find. A sony removal kit.

AVG released an Anti-Rootkit at http://free.grisoft.com/doc/download-free-anti-rootkit/lng/us/tpl/v5

AVG Anti-Rootkit is a powerful tool with state-of-the-art technology for detection and removal of rootkits. Rootkits are used to hide the presence of a malicious object like trojans or keyloggers on your computer. If a threat uses rootkit technology to hide itself it is very hard to find the malware on your PC. AVG Anti-Rootkit gives you the power to find and delete the rootkit and to uncover the threat the rootkit is hiding.

DL.TV talked about it on todays podcast

http://www.vnunet.com/vnunet/news/2197450/sony-caught-playing-rootkits
Sony caught playing with rootkits again

Sony's Microvault USB memory key software could render users vulnerable to a malware attack, security vendor F-Secure has claimed.

The Sony devices feature an integrated fingerprint reader that allows the user to securely store information. Unlocking the information, however, requires the installation of special software on a Windows computer.

Was just reading about that at another site. Here they go again with the lawsuits. Even though Sony didn't do it this time.

I have yet to read the full article I thought I would pass it on.

A quick quote from where I was reading.

neowin.net

...""Sony doesn't do any of its own development in this area; it looks like a Chinese company did it," said Mikko Hypponen, F-Secure's chief research officer. Less than two weeks after the first reports of Sony’s mishap, new Trojan horses used Sony’s code to hide from security software. The MicroVault software is cloaking the folder for good reason: to protect the fingerprint reader's authentication files from being tampered with or circumvented. "What's not justified is that others can use this folder," said Hypponen. "....

Whole story here: http://www.infoworld.com/article/07/08/27/Sony-uses-rootkits-charges-F-Secure_1.html

More Sony news
http://arstechnica.com/news.ars/post/200...sing-warez.html

Sony BMG's hypocrisy: company busted for using warez

Glad I don't put sony cd's in my precious apple.

If your a windows user, I just saw that Spybot http://www.spybot.info/en/index.html has definitions for 3 different rootkits

Saw that myself when I got the updates. I saw it right next to the keylogger update.