03-11-05

Sony Rootkit shows how to crash and cash

Sony has installed a rootkit from http://www.first4internet.com on a CD (http://www.sysinternals.com/blog/2005/10/sony-rootkits-an... and http://www.europe.f-secure.com/v-descs/xcp_drm.shtml). You are obliged to listen to the music on the CD with its own media player, which limits you to only 3 copies of a song. To do this, the CD installs an invisible rootkit (www.securingit.tk - malware) on the PC that can't be removed without crashing your machine. You can ask Sony how to remove it at http://cp.sonybmg.com/xcp/english/form8.html, and according to others it works (but why isn't it in the package? Software without an uninstaller is imperfect). You can also use this article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2...
 
Other suggestions are:
* It does not use ActiveX to install. You are referring to the built-in "Player" that they force you to use for the DRM side of things. It installs by use of the AUTORUN feature. If you turn it off, it will not install the rootkit. Then you just need to use a program to rip the audio from the CD to MP3/OGG/etc. and play back those files.
* On many corporate and teen computers at home, the users are simple users that can't install anything, so the CD may not work there.
 
But what is more, legally they are not only installing hackerware on our machines, they aren't even telling us: "The end user license agreement (EULA) doesn't mention any install [of a rootkit]," he said. "That likely makes it illegal in the U.K. and the EU, and in at least 10 states in the U.S. as well. Sony could be in a lot of trouble on this one." http://www.securitypipeline.com/showArticle.jhtml;jsessio...
 
And this is not all, because "Sony's Blu-Ray copy protection can render a set top Blu-Ray player (and for all I know a computer Blu-Ray burner) inoperable if you attempt to circumvent the copy protection in any way" http://www.betanews.com/article/Sony_to_Help_Remove_its_D...

 
And even other hackers can misuse the same techniques: "All an attacker needs to do is name his files beginning with the same "$sys$" prefix used by the Sony CD copy protection files."
http://www.securitypipeline.com/showArticle.jhtml;jsessio...
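Because anything named with the "$sys$" prefix is invisible on the running system, a scan from inside that system cannot find it. The sketch below is an added example, not code from this post or from any vendor: it compares a file listing taken on the live system with one taken offline and reports entries that are missing from the live view or carry the prefix. It assumes the offline listing comes from booting clean media, and all paths in it are constructed.

```python
from dataclasses import dataclass

CLOAK_PREFIX = "$sys$"  # prefix quoted in the post

@dataclass(frozen=True)
class Finding:
    path: str
    hidden: bool    # in the offline listing but missing from the live one
    prefixed: bool  # some path component starts with the cloak prefix

def _norm(path):
    # Windows paths are case-insensitive; accept either separator.
    return path.replace("/", "\\").rstrip("\\").lower()

def has_cloak_prefix(path, prefix=CLOAK_PREFIX):
    # A cloaked directory hides everything under it, so test every component.
    return any(part.startswith(prefix.lower()) for part in _norm(path).split("\\"))

def cross_view(live_listing, offline_listing, prefix=CLOAK_PREFIX):
    """Compare a listing taken on the running system with one taken offline."""
    live = {_norm(p) for p in live_listing}
    findings = []
    for raw in offline_listing:
        hidden = _norm(raw) not in live
        prefixed = has_cloak_prefix(raw, prefix)
        if hidden or prefixed:
            findings.append(Finding(raw, hidden, prefixed))
    # Hidden *and* prefixed entries first: those match the cloak described above.
    return sorted(findings, key=lambda f: (not (f.hidden and f.prefixed), f.path.lower()))

# Constructed sample listings (not taken from a real machine).
LIVE = [r"C:\Windows\notepad.exe", r"C:\Temp\$sys$visible.txt"]
OFFLINE = LIVE + [
    r"C:\Windows\System32\$sys$example\driver.sys",
    r"C:\Tools\$SYS$tool.exe",
    r"C:\Temp\other.dat",
]

if __name__ == "__main__":
    for f in cross_view(LIVE, OFFLINE):
        print(f"hidden={f.hidden!s:5} prefixed={f.prefixed!s:5} {f.path}")
```

An entry that is prefixed but still visible live means the cloak is not active on that machine; an entry that is hidden without the prefix may simply have been created between the two listings.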
 
And meanwhile the gaming hackers are already using it because it is totally stealthy: http://www.securityfocus.com/brief/34?ref=rss
 
Should antivirus companies, certainly at the company level, block this installation?
 
 

15:47 Posted by technology changes fast not a lot