[INFO] Oh dear, Sony + CPCD (DRM) = rootkit


Post by MysteryFCM » Tue Nov 01, 2005 10:57 am



Post by Sergei » Thu Nov 03, 2005 1:44 am

What are they thinking? Requiring you to install something that is spyware by any definition. Hiding stuff from you on your own PC. Idiots.

I came across this story earlier today via Boing Boing, a feed/blog I would seriously recommend to everyone who cares about the Internet. Anderson made it one of the default ones! http://www.boingboing.net

In related news, Hollywood studios lobby to control all digital video.

The essential point of this is that the movie industry is trying to find ways to make it illegal for you to use a TiVo or a TV card or any form of digital video recorder. They reckon that as time-shifting represents "added value", we should be charged for it. And so even though it's perfectly legal now to record TV to watch it later, they think it should be made a criminal offense - unless we pay their new fees.

Again, idiots.
My Cartoons
:
IE7 ][ Windows XP Tablet PC Edition 2005 ][ Avast! Antivirus ][ Kerio Firewall ][ DSL


Post by KY Dave » Thu Nov 03, 2005 1:55 am


RootkitRevealer is an advanced patent-pending root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!

The reason that there is no longer a command-line version is that malware authors have started targeting RootkitRevealer's scan by using its executable name. We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version's behavior.

RootkitRevealer Home Page
Download RootkitRevealer 190 KB

RootkitRevealer is currently FREE.

This program doesn't remove the rootkit, it just scans your system and lets you see what's actually in there.
KY Dave

Family Blog
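
The cross-view comparison that the RootkitRevealer description above refers to, as an added example that is not part of the thread and not Sysinternals' code: a listing taken through the normal API is compared with one read from the raw volume, and entries seen only in the raw view are reported. The paths, timestamps and the `cloak_` prefix are constructed sample data, and treating entries created after the scan started as ordinary file churn is an assumption of this example.

```python
import os

SCAN_START = 1000  # constructed timestamp (seconds) at which the scan began
# Constructed sample data: what the Windows API listed ...
API_VIEW = [
    r"C:\WINDOWS\system32\drivers\disk.sys",
    r"C:\Users\demo\Cookies\index.dat",
]
# ... and what a raw read of the volume found (path -> creation time).
RAW_VIEW = {
    r"C:\Windows\System32\drivers\disk.sys": 10,
    r"C:\Users\demo\Cookies\index.dat": 20,
    r"C:\Users\demo\Cookies\demo@forum[1].txt": 1005,  # written mid-scan
    r"C:\Windows\System32\cloak_drv.sys": 300,
    r"C:\Windows\System32\cloak_svc.exe": 300,
}

def cross_view_diff(api_view, raw_view, scan_start):
    """Report raw-view entries that the API view does not show.

    'hidden' = existed before the scan yet invisible to the API;
    'churn'  = created after the scan began (assumed benign timing noise).
    """
    api_paths = {p.lower() for p in api_view}  # NTFS names compare case-insensitively
    findings = []
    for path, created in raw_view.items():
        if path.lower() in api_paths:
            continue
        verdict = "churn" if created >= scan_start else "hidden"
        findings.append((path, verdict))
    return sorted(findings)

def shared_name_prefix(findings, min_len=3):
    """Prefix common to the file names of all 'hidden' findings, or ''.

    A cloak keyed on the start of the file name leaves this fingerprint.
    """
    names = [p.rsplit("\\", 1)[-1].lower() for p, v in findings if v == "hidden"]
    if len(names) < 2:
        return ""
    prefix = os.path.commonprefix(names)
    return prefix if len(prefix) >= min_len else ""

if __name__ == "__main__":
    results = cross_view_diff(API_VIEW, RAW_VIEW, SCAN_START)
    for path, verdict in results:
        print(f"{verdict:6} {path}")
    print("shared prefix:", shared_name_prefix(results) or "(none)")
```
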


Post by Sergei » Thu Nov 03, 2005 1:35 pm

I tried that. It found five things in my TIF folder - two of which are cookies from this very board!

Now what...?


Post by MysteryFCM » Fri Nov 04, 2005 10:48 am

From the Spyware Info newsletter.
Even More About Sony's Rootkit

News certainly happens fast sometimes. In between the time I first heard of this Sony rootkit and the time I finished writing about it, the story exploded around the web. Sony appears to have been caught flat-footed by the sudden, highly-negative publicity.

One aspect of this rootkit, which I didn't mention in my first article, is that it allows someone to hide any file or memory process on the system. All you have to do is add a certain word to the beginning of the file's name and you'll never see it again (without a rootkit detector anyway). Some people speculated that this situation could be put to nefarious use.

I did not mention this in the earlier piece because it was unlikely to be of much danger. A malware creator would be relying on dumb luck to protect his software. What I didn't consider was a person buying a Sony CD with the intention of using the rootkit for his own, less-than-honorable intentions.

Well, that is exactly what has happened. In another part of this same newsletter, I mention the controversy surrounding World of Warcraft's Warden anti-cheat program. That is a program which searches a computer's memory for evidence of a program used to cheat at the game. After word of Sony's rootkit made the news, some of these cheating programs were altered to take advantage of it.
Full article: http://www.spywareinfo.net/nov4,2005#rootkitmore


Post by Sergei » Fri Nov 04, 2005 11:36 am

Sony have realised what a &*^#-up this is, and have issued a patch to remove the rootkit.


Post by TomServo » Fri Nov 04, 2005 12:16 pm

But... the Sony Root kit kills the WoW spyware though... it can't be ALL bad? ;)
'Minimal collateral damage' and 'entire star system' do /not/ belong in the same sentence.
- Schlock Mercenary

Website: http://www.alteviltech.com/


Post by KY Dave » Sat Nov 05, 2005 2:25 pm

PC World wrote:
Software Phones Home?
In his Web log posting today, Russinovich also published further research showing that the XCP software appears to be in communication with Sony's Web site, something that had not previously been disclosed.

The client appears to connect with Sony's servers looking for updates to lyrics or album art, but the way the software operates raises some privacy concerns, Russinovich said. "I doubt Sony is doing anything with the data, but with this type of connection their servers could record each time a copy-protected CD is played and the IP address of the computer playing it," he wrote in his blog posting.

Sony is not using the software to gather information on its users, said company spokesman John McKay. "No information ever gets gathered, that's for sure," he said.

Depends on what you consider BAD...

Do you think this ROOTKIT reporting to SONY every time the CD is played and on what IP the computer playing the CD is located is BAD?

The article also states, 'the patch might crash Windows'.