ampage
Tube Amps / Music Electronics		 For current discussions, please visit Music Electronics Forum.

ampage archive

Vintage threads from the first ten years

Search for:  Mode:  

 

SONY's rootkit.. pls read!


 :
11/13/2005 7:57 PM
SpeedRacer SONY's rootkit.. pls read!
You may or may not have heard about SONY corp putting a rootkit onto some of their newer CD's. All you need to do is play it on your PC and it will get installed without your knowledge or consent. CA (and soon NY) are putting together class action lawsuits, the first evidence of hackers using the SONY rootkit have already been found in the wild. It is a big mess.  
 
Here are some of the titles affected:  
The following CDs have been known to contain this malicious program.  
 
Trey Anastasio, Shine (Columbia)  
Celine Dion, On ne Change Pas (Epic)  
Neil Diamond, 12 Songs (Columbia)  
Our Lady Peace, Healthy in Paranoid Times (Columbia)  
Chris Botti, To Love Again (Columbia)  
Van Zant, Get Right with the Man (Columbia)  
Switchfoot, Nothing is Sound (Columbia)  
The Coral, The Invisible Invasion (Columbia)  
Acceptance, Phantoms (Columbia)  
Susie Suh, Susie Suh (Epic)  
Amerie, Touch (Columbia)  
Life of Agony, Broken Valley (Epic)  
Horace Silver Quintet, Silver's Blue (Epic Legacy)  
Gerry Mulligan, Jeru (Columbia Legacy)  
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)  
The Bad Plus, Suspicious Activity (Columbia)  
The Dead 60s, The Dead 60s (Epic)  
Dion, The Essential Dion (Columbia Legacy)  
Natasha Bedingfield, Unwritten (Epic)  
Ricky Martin, Life (Columbia) (labeled as XCP, but, oddly, our disc had no protection)  
 
This is only a partial list. You can tell if the CD contains this software by looking at the back of the CD, on the bottom or right side, there will be a "Compatible with" disclosure box. Along with compatibility information, the box also includes a URL where you can get help. The URL has a telltale admission buried in it: cp.sonybmg.com/xcp. The CD will only be playable via the media player it ships with and you'd only be allowed to burn 3 copies. If you've already played this on your PC, you're infected.  
 
SONY now claims it is going to stop this practice and have stopped mfr of CD's with this scheme, but please please please be 100% sure the CD you play on your PC is *not* one of the affected ones. There is *no* fool proof way to know your PC has had a rootkit fully removed. The only thing you can do if you want to be 100% sure is to wipe the hard disk and reinstall everything. - A major drag.  
 
*rootkit - a piece of software which hides itself in the operating system so that it cannot be detected using normal tools nor can it be removed with any assurances. The term stems from the unix world where the admin user "root" has ultimate power on a system.. a rootkit is a program which typically gives a hacker the powers of root on some remote host and is well hidden. If you want to learn more about them, here are a couple good links: first relating to the SONY one:  
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html  
 
and about rootkits in general:  
http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html  
 
please be careful out there!! Educate & protect yourself. Encourage your friends and family to do the same.  
 
If you want to send these idiots a message, I am probably not the first (or last!) but I am personally boycotting all SONY products at least through the holidays and probably longer, but it will depend on if and how they alter their behavior.  
I would encourage anyone and everyone to not send these criminals a single F*ucking penny. This kind of behavior must not be tolerated.  
 
 
- Joe Pampel
  
11/14/2005 9:16 AM
Steve A.
Speed:  
 
    Thanks for the warning!  
 
    One question: Spybot Search & Destroy alerts me whenever any program tries to edit my registry... will it notify me if a rootkit tried to install itself?  
 
Steve Ahola
  
11/14/2005 9:26 AM
SpeedRacer
doubtful, but I don't know for sure.  
 
the rootkit does a very effective job of hiding it's files and processes from other parts of Windows so it is likely that Spybot will not see it either. Spyb ot is getting it's info from Windows, and if Windows has the wrong info.. well, it's just another case of GIGO..  
 
The issue has received enough attention that MSFT is updating their anti-spyware package specifically to ID the Sony program, and I am sure other vendors are doing the same.  
 
On another note, there are now *3* different hacker-built trojans using the Sony code. That didn't take long did it? :(
  
11/14/2005 1:02 PM
Mark Lavelle
quote:
"... there are now *3* different hacker-built trojans using the Sony code."
Amazing that they could be so stupid, when you know Sony has almost as many lawyers as engineers. Whether they ever talk to each other is an entirely different thing, I guess...
  
11/16/2005 7:27 PM
Steve A.
 Sony- jumping from the frying pan into the fire?
    It seems like the harder they try, the deeper they dig themselves in...  
 
http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2005/11/15/financial/f103340S40.DTL  
 
Steve Ahola
  
11/17/2005 10:49 AM
SpeedRacer
They deserve a major - and public - beating for trying to pull this.. if it is severe enough, it should send a message to other corp a-holes not to try this. I enjoyed seeing CNBC picking this up, as it gets the news out to wall st. Despite the fact that I sent an IT memo out to all employees, I got the most feedback on it *after* CNBC started covering it. It made it a 'real' problem.. not just a techie thing. best of all, maybe it will generate some short interest in Sony corp.. ;)  
 
To me it's a moral failure within the corp structure that no one in power said "this is the wrong way to go about this.."
  
11/17/2005 2:38 PM
SpeedRacer
 Re: a good editorial, IMHO..
Editor's Note: Payback  
 
They would've shot the guy by now. That's what I keep thinking as I read one article after another detailing Sony's hell-bent rocket flight into what will certainly be billion-dollar lawsuit territory.  
 
By "the guy," I simply mean any garden-variety sociopath who had caused this much damage to so much property, all through the use of a rootkit-spyware combo that he spirited onto victims' systems by disguising it as a music CD.  
 
Nobody uses Celine Dion as a malware carrier, pal: Blindfold. Cigarette. Boom. And then maybe bill the next of kin for the bullets used to dispatch him, just for good measure.  
 
Yet this isn't some pathetic 22 year-old holed up in his parents' basement. It's a wholly-owned subsidiary of one of the world's largest industrial conglomerates. As a result, when it . . .  
 
--Treats millions (and it could easily be that many) of its own customers like thieving little turds, deliberately and systematically placing unambiguous malware on their systems, all without their knowledge or consent.  
 
--Hands other malware purveyors a gift in the form of a ready-to-repurpose rootkit that might as well be a hand grenade with a missing pin.  
 
--Issues a "fix" for its initial act of computing evil that, according to security experts, causes another, even more serious security gap.  
 
--Initially obstructs users' efforts to remove its garbage from their private property, and even now issues arrogant claims reserving the right to protect its content with future acts of fraud, trespass, theft by denial-of-use.  
 
. . .all of the law-and-order types who went after Kevin Mitnick as if he were the second coming of Adolf Hitler suddenly have someplace else to be. In fact, the silence from the door-kicking, gun-toting, cybecrime tough-guy contingent is overwhelming.  
 
Sony didn't make a "mistake" here -- and frankly, anyone willing to apply that term to the company's actions needs to spend some quality time with a dictionary. The person(s) within Sony who authorized this fiasco knew what they were doing and what the consequences might be -- and assumed they could ride out the aftermath if things went badly.  
 
Things did, indeed, go badly. And while the size of the ensuing class-action lawsuit might make a business peddling mail-order Thalidomide seem lucrative by comparison, a far more relevant and important idea -- that we should find the Sony decision-makers in this case and slap them with felony charges -- somehow has yet to enter the mainstream discussion.  
 
There's only one way, really, to make "don't do it" a more compelling moral to this story than "don't get caught": Identify the individual culprit(s), charge them, try them, and then leave them in peace to work out the bunk assignments with Tiny, and No-Neck, and their other new cellmates. If it's the right punishment for kids who are usually more interested in planting a virtual flag to mark a hacker "conquest," it's the ideal punishment for a bunch of well-paid rats who think they're above the law.  
 
Matt McKenzie  
Editor, Linux Pipeline  
mattcmp@sonic.net  
www.LinuxPipeline.com  
 
---------------------------  
 
only 2 words I would add to this:  
Right On.
  

  Page 1 of 5 Next> Last Page>>