Sony's been trying to roll out rootkits??!!!???

keatronkeatron Security TinkererMember Posts: 1,213 ■■■■■■□□□□
Anybody heard about Sony's rootkit? I read an article about it last month. Basically people explaining and demonstrating how Sony's DRM rootkit opened up the door for criminals to hide other malicious software and "things" in it's shadows. Looks like Microsoft called em on it.

http://www.eweek.com/article2/0,1895,1886122,00.asp

They actually thought no one would catch that? Amazing. Apparently the guys over at Sysinternals were the first to make a public statement about it. The music industry REALLY needs to wake up. What an excellent business model.....

"You are our customers and we thank you for making us rich. To show this appreciation we will install rootkits on every system you play our CD's on and expose you to security and privacy threats that you probably don't even know about. We know we should consider your safety and god knows your children's safety, but for now we feel it's more important to make sure you don't copy our CD's more than we want you to. Thanks for your business"

Way to go Sony, I mean really. icon_rolleyes.gif

Comments

  • shadown7shadown7 Member Posts: 529
    Yes, I've been following the story. I seems they pulled or are going to pull all the CD's off the store shelves that have that on them. Also, the company that made the root kit put a active X based uninstaller on their website to remove it. But, they made a mistake in the code and people who used the uninstaller now have another security problem. icon_cry.gif
  • keatronkeatron Security Tinkerer Member Posts: 1,213 ■■■■■■□□□□
    Yeah, and not only that, there are other system stability problems after the uninstall. The rootkit was designed to hide any file on a Windows system that begins with the characters $sys$. Note I said ANY file, not just the sony ones. So basically I can hide any file or program I want on some poor user's system who has listened to one of these CD's released by Sony by simply following that naming convention.

    If this were Microsoft, they'd be getting burned by the media by now.
  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    Sony should be totally roasted over this. Personally I think an example should be made of them and I can tell you now that if I had been effected I would be setting up a class action suit to nail them.
    www.supercross.com
    FIM website of the year 2007
  • seuss_ssuesseuss_ssues Member Posts: 629
    Not only have they been installing the "root kits" but the kit itself contains copyrighted GPL code without fulfilling the requirements of the GPL licenses.

    http://dewinter.com/modules.php?name=News&file=article&sid=215
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,082 Admin
    You can do a quick test for this rootkit on you system by creating a shortcut on your desktop named "$sys$" (no double quotes). If the shortcut disappears, you have been rootkitted by a Sony BMG music CD that you tried to play on your computer. There are two known Trojan horses that now use this rootkit, and at least one World of Warcraft hack too. Sony supposedly will be releasing a tool that will disable--but not uninstall--its rootkit technology.

    Steve Gibson and Leo Laporte have been screaming about this Sony rootkit for over two weeks now. You can find much information about in from their podcasts at http://www.grc.com/SecurityNow.htm#12 and http://thisweekintech.com/29. F-Secure also has a free rootkit detection app that can locate it, and Rootkit Revealer at http://www.sysinternals.com/utilities/rootkitrevealer.html will do the job too.

    There are also many lawsuits being filed in the USA and world-wide against Sony over this. The use of such technology is in clear violation of the U.S. Computer Abuse and Fraud Act. If the rootkit "phones home" as many people claim, then Sony might be liable under the U.S. Electronic Information Privacy Act too. Ouch!
  • keatronkeatron Security Tinkerer Member Posts: 1,213 ■■■■■■□□□□
    Ok, this is rediculous. This is a quote from Sony's President of Digital Media

    "Most people don't even know what a rootkit is, so why should they care about it?"

    icon_eek.gif WTF!!!

    I can't imagine Sony's IT security team knowing about this and not trying to stop it. Every CISSP I know would have been raising hell and heading for the door if they knew this was going to be rolled out. And maybe HR should let the President be educated by the security team before he drives nails in the coffin with statements like that.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,082 Admin
    And even if Sony has an "IT security team" that knows about rootkits, I doubt that it is involved in product development. Even if they were, I doubt that the developers would have actually used the term "rootkit," or fully explained what their new copy protection mechanism could really do. In fact, a some of what Sony's rootkit can do (e.g., hide any file on the system that begins with "$sys$") is mostly due to careless programming.

    I think that there were lies told within Sony about what exactly rookit technology is and the capabilities of Sony's implementation of it. I do not believe for a second that the people at the top of the Sony corporate pyramid could truly understand what a rookit is capable of doing, or that their product was using this technology. Probably an order came down from the top saying "make it impossible to rip our music CDs," and the engineering drones at the lower levels came up with a creative--albeit dangerous--solution. It's very possible that no one at Sony dreamed about the consequences that have resulted.

    Where Sony is really screwing up is in response to this problem. Not only are they not repentant, but they fully intend to re-release their rootkit copy protection scheme once they have the bugs worked out. This whole thing is a software quality issue to them and nothing more. Apparently Sony has not heard of the word "privacy," and believes that if you play one of their music CDs on your computer they have the right to now own your machine.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    "Most people don't even know what a rootkit is, so why should they care about it?"
    icon_thumbdown.gif I think he must regret saying that already, that's some really stupid logic. Most users don't know what any of the holes in IE are, or were, but somehow they do seem to care about it though...
    JDMurray wrote:
    Apparently Sony has not heard of the word "privacy," and believes that if you play one of their music CDs on your computer they have the right to now own your machine.

    Here's something 'funny', Sony violated copyrights by using someone else's code in the rootkit:
    www.theregister.co.uk/2005/11/18/sony_copyright_infringement/

    I haven't been able to find confirmation online, but yesterday I heard Sony already lost a legal case in Europe and is no longer allowed to use the protection mechanism on CDs in the EU.
  • Chivalry1Chivalry1 Member Posts: 569
    Dont worry, Sony is going to feel the full blow of this illegal action. If they attempt to re-release this application, IT security people will be prepared now to start immediate legal action. Just give it up Sony, people will be ripping and buring CDs for the remainder of your years. Whether you are copying a CD, using a media caputure utility on your sound card, or merely sitting a microphone next to the speaker its playing out of; You will still have people copying music.
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
  • skully93skully93 Member Posts: 321 ■■■□□□□□□□
    While Sony is bad for doing this and should be publicly flogged, let's take it a step further and say recording companies are composed of bastards and people that are so out for themselves they don't care if they screw anyone else. Sony itself was probably put under the gun by the general powers that be in the music industry.

    They should probably take into account that the fear of something like that will just lead to more music piracy anyway.

    To curb piracy, this is what I propose:

    1) Stop sucking. If you quit putting out crap, maybe more people will buy it instead of downloading it.

    2) It's not like popular bands are going to starve to death, but still, the ratio of what the artist gets compared to the publisher is still crazy. Maybe if you're nicer to budding artists they'll go through you instead of distributing it on the net.

    3) Keep prices competetive. There have been lots of rumors that prices of music and media might go up to 'compensate' for piracy. This is the same crap that insurance companies feed us. "Someone actually cut 1% into our profits, so we have to raise prices by 10%". Please.

    This is what happens when I don't get enough sleep :)
    I do not have a psychiatrist and I do not want one, for the simple reason that if he listened to me long enough, he might become disturbed.

    -- James Thurber
  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    Personally I would not shed a tear if Sony Music bit the dust after this. From my buddies in the music industry they are known as bullies and not too many have a like for them.
    www.supercross.com
    FIM website of the year 2007
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,082 Admin
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,082 Admin
    SONY BMG COMMENCES COMPACT DISC EXCHANGE PROGRAM FOR XCP CONTENT PROTECTED CDS

    http://cp.sonybmg.com/xcp/
  • garv221garv221 Member Posts: 1,914
    Wow, where were Sonys lawyers when they decided this? Anyone seen the South Park episode about copying music? "Now Metallica has to wait 6 months for the gold incased shark tank! Still think copying music isn't dangerous!" I can understand business and when to be business oriented, savy and even bully people by legal means; but this is cheating and deserves punishment. They are punhcing below the belt.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,082 Admin
    Looks like Sony has noticed a revenue impact. However, this is likely because of all the CDs they recalled and not from consumers explicitly choosing not to purchase Sony BMG CDs. Still, it's good to see the consequences unfold.

    Sony's Escalating "Spyware" Fiasco
    http://www.businessweek.com/technology/content/nov2005/tc20051122_343542.htm?campaign_id=rss_tech

    Sony DRM Impacts Sales
    http://www.broadbandreports.com/shownews/69769
  • garv221garv221 Member Posts: 1,914
    I saw a commercial by Sony telling people they will refund money for it. Haha
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,082 Admin
    On Monday, Dec 5, Sony BMG released the uninstaller for its XCP content protection software (i.e., the Sony CD rootkit):

    http://cp.sonybmg.com/xcp/english/updates.html

    Wired article about the current Sony BMG situation:
    http://www.wired.com/news/technology/0,1282,69763,00.html?tw=rss.TOP
Sign In or Register to comment.