
· Banned
Joined
·
10,931 Posts
First Trojan using Sony DRM spotted





Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs.

Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory.

"This means, that for systems infected by the Sony DRM rootkit technology, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit," warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro.

The malware arrives attached in an email, which pretends to come from a reputable business magazine, asking the businessman to verify his/her "picture" to be used for the December issue. If the malicious payload contained in this email is executed then the Trojan installs an IRC backdoor on affected Windows systems.

Romanian anti-virus firm BitDefender confirms that the malware is in the wild but a full technical analysis of the Trojan is yet to be completed. The response of anti-virus firms, some of which have only promised to flag up rather than block system changes made by Sony-BMG's rootkit, remains unclear. ®



How could I miss this and not post it for so long?
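
The cross-view idea behind rootkit scanners such as the one named in the article above, as an added example that is not part of the original post or of any vendor's tool: a listing taken through the running OS is compared with a trusted listing (for instance from the same disk mounted offline), and entries that are missing from the live view or carry the "$sys$" prefix are reported. The function names, the `C:\WINDOWS\system32` path and both listings are assumptions constructed for illustration.

```python
# Added example: cross-view check for name-prefix cloaking (constructed data).
from dataclasses import dataclass

CLOAK_PREFIX = "$sys$"  # prefix the quoted articles say the XCP rootkit hides


@dataclass(frozen=True)
class Finding:
    path: str
    hidden_from_live: bool  # in the trusted listing, missing from the live one
    cloak_prefixed: bool    # file name itself starts with the cloaking prefix


def _norm(path):
    # Windows paths are case-insensitive; unify separators and case.
    return path.replace("/", "\\").rstrip("\\").lower()


def cross_view_diff(live_view, trusted_view):
    """Compare a listing from the running OS with one taken offline."""
    live = {_norm(p) for p in live_view}
    findings = []
    for p in trusted_view:
        n = _norm(p)
        hidden = n not in live
        prefixed = n.rsplit("\\", 1)[-1].startswith(CLOAK_PREFIX)
        if hidden or prefixed:
            findings.append(Finding(p, hidden, prefixed))
    # Hidden *and* prefixed entries are the strongest signal, so list them first.
    return sorted(findings, key=lambda f: (
        not (f.hidden_from_live and f.cloak_prefixed), _norm(f.path)))


# Constructed listings; C:\WINDOWS\system32 is an assumed system directory.
LIVE = [r"c:\windows\SYSTEM32\NOTEPAD.EXE", r"C:\Temp\$sys$visible.txt"]
TRUSTED = [
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\WINDOWS\system32\$sys$drv.exe",   # file name from the article
    r"C:\Temp\$sys$visible.txt",           # prefixed but not hidden
    r"C:\Temp\other.bin",                  # hidden for some other reason
]

if __name__ == "__main__":
    for f in cross_view_diff(LIVE, TRUSTED):
        print(f)
```

A prefixed file that is still visible in the live view suggests the cloaking driver is not active on that machine; a hidden file without the prefix points to a different hiding mechanism.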
 

· Emulation Junkie
Joined
·
847 Posts
Just an addition to the above post:

http://www.vnunet.com/vnunet/news/2145874/virus-writers-exploit-sony-drm

Iain Thomson and Tom Sanders, vnunet.com 10 Nov 2005

Virus writers have already started to exploit Sony's controversial digital rights management software, which uses a rootkit to hide the code and ensure that the CDs are not copied.

A new Trojan, Troj/Stinx-E, has been mass-mailed to UK email addresses. The worm is a variant of what McAfee referred to as the Brepibot virus that was first discovered in April this year. BitDefender calls the new worm Backdoor IRC Snyd A and F-Secure Breplibot.B.

The new version has been altered to exploit a feature in the XCP digital rights management technology for Windows systems that comes bundled with several audio CDs from the Sony BMG record label. The software will automatically install the first time a user tries to play an infected audio CD on his computer's CD Rom drive.

In addition to digital rights management technology, the CD also installs a so-called root kit that hides files from the user and the system, including anti-virus software. Security experts have argued that it is extremely poorly engineered and that worm authors can exploit it by simply placing the characters "$sys$" in front of a file name.

The new variant of the Stinx trojan tries to do exactly that.

"Sony started off with the right intentions but did not recognise the implications of what it was doing," said Graham Cluley, senior technology consultant at Sophos.

"We've had companies calling up all day asking what to do with this. We feel sorry for the musicians; if you look on Amazon right now reviewers are telling people not to buy the album, not because of the music but because of the copy protection."

Systems that don't have the Sony rootkit installed have little to fear as their existing anti-virus software is likely to spot and smother the threat. Sony has shipped about 2 million audio CDs with the XCP technology. There is no data to determine how many of those have been used on Windows computers, but the limited number of shipped CDs caused McAfee to rate the trojan's threat level as "low".

The rootkit in theory should help the worm to dodge detection by the virus scanning software. But the worm's authors however have made several design errors that will prevent it from causing any real harm, said anti virus provider F-Secure.

"If the Sony DRM rootkit is active (hiding) in the system during infection, the bot will not run at all. Moreover, the bot cannot survive a reboot because of a programming error," said F-Secure's Mika Pehkonen.

Sony has always maintained that its DRM technology is harmless and despite widespread criticism from the security community claims that it doesn't have any security risks associated with it. Vnunet.com was unable to reach the firm. Its media relations department doesn't answer the phone and the number's voicemail box has been disabled.

This worm however proves the record label wrong. "This is a very good example of why software should not use rootkit hiding techniques," said Pehkonen.

Sophos has promised to issue a tool later today which will permanently disable the Sony copy protection software and allow antivirus engines to delete the malware.

Cluley stressed that Sophos will support the technology when Sony comes up with a copy protection system that does not leave such a "massive backdoor" on users' machines.

Other companies have also reacted against the Sony DRM software. Computer Associates has blacklisted the code, which it defines as a Trojan horse, and computer experts have also been highly critical of the software.

The DRM code was developed for Sony by UK firm First 4 Internet.
 

· [Insert Ad Here]
Joined
·
334 Posts
Saw this on digg. Some guy posted on his blog a very simple way of getting around the Sony DRM. Since the rootkit hides files with $sys$ in front of the name, the guy just renamed his CD burning software with the $sys$ in front of it and just like that he was able to rip and burn any CD.

Can you say irony. :D

Anyway his blog post can be found here: http://newtechinc.blogspot.com/2005/11/using-sonys-drm-against-itself.html
 

· Premium Member
Joined
·
18,905 Posts

· Back to regular business
Joined
·
3,317 Posts
This is insane! They are treating music like a part of software. Do those CDs even play in an "un-approved" CD player? Like my old CD radio which is certainly not on their list :D
 

· Premium Member
Joined
·
18,905 Posts
Agreed. Signing EULAs and contracts "just for" listening to music you bought is just unacceptable. Under those circumstances, the situation in which they put their legit is the following: "cough yer dough and blood, and get no more than the FM radio already gives you".

Surely SONY isn't the only company doing this. It only got our attention because we're expecting their PS3

Folks, we've been ranting all over Sony's rootkit, but back to the gaming sphere, isn't Starforce doing something similar, yet we hear nothing from anyone? Does that mean you guys tolerate Starforce on your systems but not Sony's XCP? What about our privacy? Our rights?
 

· Back to regular business
Joined
·
3,317 Posts
Hard core Rikki said:
Surely SONY isn't the only company doing this. It only got our attention because we're expecting their PS3
Shouldn't we somehow keep in mind that SONY is a huge corporation with lots of different branches? I mean, I don't think that Sony Computer Entertainment International/Japan/America/Europe has anything to do with SONY-Music/Sony-BMG/Sony-Whatevar. Of course, I share your opinion that Sony developed the Playstation, but too many people seem to think that the name SONY means that those two entirely different cogs in the system were connected in any way.

It's like comparing Budweiser and Budweiser.
 

· Emulation Junkie
Joined
·
847 Posts
If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.
LMFAO!!!! If somebody "burgles" my home and steals my DRM infested Sony CD and NOT my computer, there is something seriously wrong with the burglar, and my first worry would not be needing to delete those files off my harddrive!
 

· [Insert Ad Here]
Joined
·
334 Posts
Hmm.. I wonder if the VAIOs come with this crap already on their systems.
 

· Experenced But New User
Joined
·
866 Posts
Jldnr77 said:
LMFAO!!!! If somebody "burgles" my home and steals my DRM infested Sony CD and NOT my computer, there is something seriously wrong with the burglar, and my first worry would not be needing to delete those files off my harddrive!
Yaaaaa, I am going to post some of the other stupid things that the EULA states.

Electronic Frontier Foundation said:
1. If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

2. You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."

3. If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.

4. You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

5. Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.

6. The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.

7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.

8. You have no right to transfer the music on your computer, even along with the original CD.

9. Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or making derivative works from the music on your computer.
 

· Premium Member
Joined
·
18,905 Posts
I'm glad no one has successfully DRMed our childhood memories as well.

I don't believe Sony's Vaios computers come with XCP or the likes of it preinstalled, even if they have the chance to do that. I suppose the recent models won't anyway, after all the ruckus and controversy Sony brought up. Sony wouldn't want to bully its customers into buying hardware from competitors.

But that's not over folks. The very same Sony is using ANOTHER suspiciously behaving software marketed to "protect our right". Yeah, theirs alright. I see no one brought that up. Grown and Sexy by Babyface is "protected" with this stuff for example. And smaller labels are also using it (MediaMax). Watch out folks, this stuff might spread.

http://www.freedom-to-tinker.com/?p=925

What does it do actually?

Like XCP, recent versions of MediaMax engage in spyware-style behavior.

* Is installed onto the computer without meaningful notification or consent and even BEFORE ACTUALLY SIGNING THE ACTUAL EULA, and remains installed even if the license agreement is declined;

* Includes either no uninstall mechanism or an uninstaller that fails to completely remove the program like it claims;

* Sends information to SunnComm about the user’s activities contrary to SunnComm and Sony statements and without any option to disable the transmissions.

Does MediaMax also create security problems as serious as the Sony rootkit’s? Finding out for sure may be difficult, since the license agreement specifically prohibits disassembling the software. However, it certainly causes unnecessary risk. Playing a regular audio CD doesn’t require you to install any new software, so it involves minimal danger. Playing First4Internet or SunnComm discs means not only installing new software but trusting that software with full control of your computer. After last week’s revelations about the Sony rootkit, such trust does not seem well deserved.

Viewed together, the MediaMax and XCP copy protection schemes reveal a pattern of irresponsible behavior on the parts of Sony and its pals, SunnComm and First4Internet. Hopefully Sony’s promised re-examination of its copy protection initiatives will involve a hard look at both technologies.
 

· Premium Member
Joined
·
18,905 Posts
F-3582 said:
Shouldn't we somehow keep in mind that SONY is a huge corporation with lots of different branches? I mean, I don't think that Sony Computer Entertainment International/Japan/America/Europe has anything to do with SONY-Music/Sony-BMG/Sony-Whatevar. Of course, I share your opinion that Sony developed the Playstation, but too many people seem to think that the name SONY means that those two entirely different cogs in the system were connected in any way.

It's like comparing Budweiser and Budweiser.
-----------------------------------

Yes, but Sony is ONE corporation dealing with hardware/technology (consoles, music players...) and multimedia content (games, music...). Remember, those branches are tightly linked between them. It's not like one Sony division sells computer hardware and the other sells food and vaccines.

The ideas expressed in these posts expressed resentment towards the upper management's vision about "next-gen content protection", not especially against Sony-BMG employees or anyone in particular because those high-ranked executives have been thinking about it for a while, by performing a "Copyright Vs Fair Use" bargain people didn't appreciate.

That's why people feared this would spread to the PS3 too, which by the way might lock your games to its hardware, so this could mean no more lending/used games selling. Your games could be played only on your console, and if broken, you would have to buy new copies for all your PS3 games.

Let's hope they'll learn from their mistakes.
 