[clug] Sony music CDs hack PCs
Michael James
clug at james.st
Thu Nov 3 04:03:25 GMT 2005
To summarise a thread on suse-OT at suse.com:
Sysinternals' Mark Russinovich received/ found a rootkit on his machine.
Since he is the developer of Root Kit Revealer
and certainly knows the dangers of running code
from suspicious sources it was a most unwelcome surprise.
He did what few of us would have the knowledge/ability to do.
He thoroughly investigated it, including debugging
and disassembling it
And what he found was pretty shocking.
The root kit was installed by a Sony music CD he had
purchased and played weeks before.
The DRM enforced certain rules,
such as restrictions on playing and copying
(you can only play the CD on a computer
via their bundled player, not a player of your choice
such as WinAmp or Windows Media Player).
Not only was the player invasive
(being hidden in the registry and the filesystem)
but as Mark points out, it wasn't even good programming,
stealing excessive CPU cycles,
and leaving your computer open to blue screening
through a race condition the root kit's authors didn't handle.
And, removing the rootkit is hardly something a novice user
could or should do, as it would leave them
with a non-functioning CD ROM drive
(since simply removing the root kit files/processes
won't remove its entry as a CD ROM filter,
which will make your CD ROM drive unusable,
unless/until you remove that filter,
something there is no admin interface for,
but can be done via registry editing
if you know that's the problem and you know where to look).
http://www.f-secure.com/weblog/
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://blogs.zdnet.com/BTL/?p=2092&tag=nl.e539
Now Sony Unit is about to Distribute a Software Patch
After a chorus of criticism, Sony Corp. (SNE)'s music division said
Wednesday it is distributing a free software patch to reveal hidden
files that automatically installed to hard drives when some of its
music CDs were played on personal computers.
http://apnews.myway.com//article/20051103/D8DKM0V84.html
--
Michael James michael at james.st
Network Programmer work: 02 6246 5040
8 Brennan St home: 02 6247 2556
Hackett, ACT 2602 mobile: 04 1747 4065
Give the people control of media, they will use it.
Don't give people control of media, and you will lose them.
Jeff Jarvis
More information about the linux
mailing list