Author Topic: Sony - Audio CD's - Rootkits  (Read 8599 times)


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20208
  • "Stronger than the past, united in our goal."
Sony - Audio CD's - Rootkits
« on: November 03, 2005, 11:35:37 AM »
In his October 31 Newsletter, Aaron was among the first to spread the word about Sony's use of DRM in their Audio CD's.  (Discussion topic here)

It appears that the pressure from the security community worked! 

Sony to patch copy-protected CD


By John Borland
Staff Writer, CNET News.com
Published: November 2, 2005, 10:55 AM PST

Quote
Earlier in the week, security experts said that anticopying technology used by Sony BMG could be adapted by virus writers to hide malicious software on the hard drives of computers that have played one of the CDs. The antipiracy tool is included on many of Sony BMG's latest music releases, from Van Zant to My Morning Jacket.

Sony BMG's technology partner First 4 Internet, a British company, said Wednesday that it has released a patch to antivirus companies that will eliminate the copy-protection software's ability to hide. In consequence, it will also prevent virus writers from cloaking their work using the copy-protection tools.

The record label and First 4 Internet will post a similar patch on Sony BMG's Web site for consumers to download directly, the companies said.

See link above for the full story.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20208
  • "Stronger than the past, united in our goal."
Re: Sony - Audio CD's - Rootkits
« Reply #1 on: November 08, 2005, 03:03:37 PM »
Full Story:  Sony Copy Protection Patch Can Crash Windows

Quote
"Sony’s uncloaking patch puts users systems at risk of a blue-screen crash and the associated chance of data loss," claimed Mark Russinovich, the chief software architect at Winternals Software, on his  blog. "[This] type of cloaking prohibits safely unloading the driver while Windows is running."

The crash could happen as the patch is installed, said Russinovich.




Offline roddy32

  • LzD Fallen Heroes
  • Hero Member
  • *****
  • Posts: 1075
Re: Sony - Audio CD's - Rootkits
« Reply #2 on: November 12, 2005, 04:33:55 PM »
Bleeping Computer has published a guide to remove this.
http://www.bleepingcomputer.com/forums/topic34904.html
Microsoft MVP Consumer Security 2006 - 2012

Log'N'Rock Computer Security


Offline mitch

  • Hero Member
  • *****
  • Posts: 729
Re: Sony - Audio CD's - Rootkits
« Reply #3 on: November 14, 2005, 01:33:34 PM »
help is on the way from micro$oft !!!
its anti-spyware and malicious software programs will get it soon !

http://news.com.com/Microsoft+will+wipe+Sonys+rootkit/2100-1002_3-5949041.html?tag=nefd.top

 :D

Offline Die Hard

  • LzD Fallen Heroes
  • Hero Member
  • *****
  • Posts: 971
  • The Northern Berserk
Re: Sony - Audio CD's - Rootkits
« Reply #4 on: November 14, 2005, 01:45:54 PM »
What a massive backlash and loss of reputation on their behalf this whole issue has had.

With all justification, in such a big organisation as Sony, there ought to have been at least one person who should have said "hold your horses, we can´t do this".

I, for once, will look carefully next time I buy a CD for the label and if it says "Sony" I will leave it in the store.

Die Hard :)
I create and edit my posts in GS-NOTES

Offline roddy32

  • LzD Fallen Heroes
  • Hero Member
  • *****
  • Posts: 1075
Re: Sony - Audio CD's - Rootkits
« Reply #5 on: November 14, 2005, 01:48:44 PM »
I posted that article at CNET Mitch and forgot to post it here.  :) Good plan by Microsoft.

Die Hard, you are absolutely correct. I'm sure there are some heads flying in that company now.


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20208
  • "Stronger than the past, united in our goal."
Re: Sony - Audio CD's - Rootkits
« Reply #6 on: November 19, 2005, 10:20:54 PM »
See Welcome to the Sony BMG XCP Exchange program for a list of Sony CD's containing the rootkit and instructions on obtaining a replacement.  Also of interest is Sony, Amazon Detail CD Buyback by Brian Krebs.

Not sure what a rootkit is or what it does?  Check out Alex Eckelberry's blog writeup here:  Rootkits are NOT acceptable under ANY means.




Offline Die Hard

  • LzD Fallen Heroes
  • Hero Member
  • *****
  • Posts: 971
  • The Northern Berserk
Re: Sony - Audio CD's - Rootkits
« Reply #7 on: November 20, 2005, 08:23:01 PM »
WOW !!   :P
A total defeat on Sony´s behalf

http://www.upsrow.com/sonybmg/
Quote
You can exchange your SONY BMG compact discs (CDs) containing XCP content protection software for replacement versions of the same CD(s) without the XCP software. 

Quote
you can update or uninstall the XCP software at http://cp.sonybmg.com/xcp. We have also provided major software and anti-virus companies with this security update. If you receive regular security updates from a major anti-virus service, that service should provide an update covering the XCP software through the standard process.
 

They thought they were clever and only awaited the applauds. How stupid can they get?

http://insight.zdnet.co.uk/0,39020415,39237277-4,00.htm
Quote
How do we remove rootkits?
There is only one guaranteed way to remove a rootkit: you destroy the system and then rebuild it. There is no other way to reliably remove a rootkit — no other way whatsoever.

You can't delete the file or even reinstall the operating system over the top of the existing OS — which is a horrible practice anyway. It is super important to nuke the system because a rootkit's primary function is stealth — what is it hiding? Do you know? Usually not. How can you reliably know what it was hiding, what it was compromising or what it was removing?

 

Every hacker and script-kid in the world would want to write a rootkit by now with the massive attention this issue has had.
What do we, who are active in the antispyware/antivirus world, have to expect in the near future?

Die Hard

Offline roddy32

  • LzD Fallen Heroes
  • Hero Member
  • *****
  • Posts: 1075
Re: Sony - Audio CD's - Rootkits
« Reply #8 on: November 20, 2005, 08:39:44 PM »
More mayhem.  :shock:

This whole issue was just another reason why I use a 35 dollar boombox to play CD's on instead of the computer. The music sounds the same and there is no risk involved.


Offline Jason

  • Sr. Member
  • ****
  • Posts: 321
  • The Onomatopoetic
Re: Sony - Audio CD's - Rootkits
« Reply #9 on: November 21, 2005, 02:15:33 PM »
Corrine :rose:

Your efforts in providing interesting links are truly beneficial in contrast to the Sony BMG shameful behaviour.

I fully agree with me mate Die Hard on those "clever-Trevor" suits awaiting the applauds in the board-room, but they sure ain't gonna get any from my direction...
Some companies learn the hard way the sour taste of underestimating the power of customers in rage. :P

Jason ;)
In a perfect world, spammers would get caught, go to jail, and share a cell with many men who have enlarged something, taken Viagra and are looking for a new relationship.

Offline Die Hard

  • LzD Fallen Heroes
  • Hero Member
  • *****
  • Posts: 971
  • The Northern Berserk
Re: Sony - Audio CD's - Rootkits
« Reply #10 on: November 23, 2005, 10:05:03 PM »
This is no longer a wave in the antispyware world. It has become a Tsunami among artists and record customers:


BusinessWeek, Nov 22
http://www.businessweek.com/technology/content/nov2005/tc20051122_343542.htm

Quote
DROP IN SALES.  In the beginning, it was cyber libertarians and outspoken consumer groups leading the charge against digital rights management (DRM). But the Sony rootkit debacle has brought the issue home even to digilliterates -- including many of the artists themselves.

"We're really upset about this," says Patrick Jordan, director of marketing for Red Light Management, which represents Trey Anastasio, former front man to jam band Phish. Anastasio's latest solo album, Shine, was released Nov. 1, just as news of Sony's rootkit was worming its way onto Internet blogs and listservs. "I'm expecting a decrease in sales," Jordan adds

Die Hard :)

Offline Die Hard

  • LzD Fallen Heroes
  • Hero Member
  • *****
  • Posts: 971
  • The Northern Berserk
Re: Sony - Audio CD's - Rootkits
« Reply #11 on: November 24, 2005, 11:35:40 AM »

Sony rootkit farce continues
 
Quote
  Three weeks after the controversy began, Sony's DRM woes are showing no sign of letting up. It has now admitted that its latest uninstall software opens a back door for hackers

Quote
Princeton University computer science professor Edward Felten and researcher Alex Halderman found that the uninstall programs responded to commands from their creators' Web sites, but would also respond to malicious instructions from other Web sites.
 

Whole story:
http://news.zdnet.co.uk/internet/security/0,39020375,39237392,00.htm

Die Hard :)


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20208
  • "Stronger than the past, united in our goal."
Re: Sony - Audio CD's - Rootkits
« Reply #12 on: November 24, 2005, 02:46:11 PM »
Quote
Wednesday, November 23, 2005
Latest rev of CounterSpy decloaks the Sony rootkit

We have quietly released a new definition set of CounterSpy that decloaks the Sony rootkit. This means that it gets rid of the driver (Aries.sys) that gives the Sony DRM functionality its rootkit capabilities.  This is the same thing that Windows Antispyware is doing.

However, it does not remove the Sony DRM files themselves, as doing so can wreak and cause the CD drive to become inoperable (thanks Sony).   Note that the Sophos uninstaller also just does a decloaking.
http://sunbeltblog.blogspot.com/2005/11/latest-rev-of-counterspy-decloaks-sony.html

BTW, the "Patrick Jordan" mentioned in the Business Week article isn't "our" Webhelper.  ;)



Offline Eric the Red

  • ISO/IEC 27001:2013
  • Administrator
  • Hero Member
  • *****
  • Posts: 1618
  • Would somebody please pass me a beer!
Re: Sony - Audio CD's - Rootkits
« Reply #13 on: December 17, 2005, 09:55:42 PM »
I see that Lavasoft are on the ball

Quote
Dear Lavasoft Beta Tester,

We are pleased to announce the launch of the ARIES Rootkit Remover BETA to help
remove the Sony Rootkit for good! As you know, in 2005 Sony included rootkit
style content protection software to approximately 4.7 million CDs of over 50
artists worldwide exposing consumer PCs to security holes. The DRM (Digital
Rights Management) software called XCP, developed by First4Internet, was placed.
According to Sony, about six million CDs currently have this software.

Lavasoft answers the challenge by giving you the Beta of the ARIES Rootkit
Remover (Sony Rootkit). Currently a standalone tool, this application provides a
reliable, trustworthy, and safe way of removing the root-kit, unlike Sony’s own
root-kit remover that has been known to cause blue screens.

Key Features

Our application is a stand alone application from an independent software
company. The ARIES Rootkit Remover is developed by our competent team within
Lavasoft Research & Development lab to help protect consumers rid of the rootkit
once and for all by removing the ability to run once more after reboot. To
access the application, register first as a Beta tester at Lavasoft Beta
Application Testing Registration.

Qualifications of Testers

There are no special qualifications for testers. Both users that are infected
with the root-kit and uninfected testers are encouraged to test the application.
However, the testers need to run 2000 through 2003 (or even Vista) and should
report back their OS version upon encountering problems.

For more information, see
http://www.lavasoftresearch.com/betaprogram/rootkit.php

We value your experience and feedback

If you have suggestions for additional features or changes to existing features,
let us know in your reports or by contacting us directly via
development@lavasoft.de.

Best regards,


(Ms) Hanna Kristensson
Research & Development Team
Lavasoft AB (Gothenburg, Sweden)
http://www.lavasoft.com
http://www.lavasoftresearch.com

"The time to start running is around about the "e" in "Hey, you!" "

The information I provide is provided "AS IS" without warranty, and confers no rights.