*** Forum Leader / Moderator ***
Sony Music is in troubled water. The company is being sued for installing spyware on homesystems. When you buy a CD, it contains secret data that install a rootkit on your homecomputer.
This rootkit is supposed to prevent copying the compact disc. Security firms already discovered that the rootkit could be used by hackers. Sony then quickly released a patch but is refusing to distribute a tool to uninstall the rootkit itself.
When you want to delete that rootkit your Windows will crash.
People and firms in Italy and the U.S. already filed class-action-lawsuits. In the U.S. (California) it apparantly is illegal to install spyware without notifying the customer.
EMI also had plans to use this but has now postponed it.
So it seems that the ultimate copyprotection is going to cost Sony a lot more then what they tried to earn with it!
STRONG WARNING: IF YOU ARE ALREADY A VICTIM, DON'T TRY TO REMOVE THE ROOTKIT FROM YOUR SYSTEM! YOU'LL HAVE A MAJOR CRASH
DiscoMusic.com Owner / Administrator
Nice find Johan. Installing a rootkit is very sinister and something a black hat hacker will do as it allows him complete access to your system. That's very serious business and I hope Sony is held accountable.
Is Sony installing this on the hard drive or the firmware for the CD-ROM drive? I'm assuming if it's just the hard drive a clean install should take care of it. If it's on the drive's firmware then you'll need to swap the drive. Also, doesn't Windows inform you that something is about to be installed? It sure does on the Mac and won't let you proceed until you authorize it.
Double Platinum Record [Level 9]
It's seriously nasty. I don't see how it could change the firmware on the drive itself; wouldn't this require a database of every CD drive out there?
The worst part is how utterly stupid the whole thing is. This only punishes the people who paid for the CD. CD copy protection is pointless; all it takes is one person to crack and rip the CD (which takes no effort if one is using Linux or OSX) and post it to a P2P network, and everyone has it.
I'm looking forward to the domestic release of Imogen Heap's brilliant Speak For Yourself album, but I've found out that it will likely have this insidious copy protection on it. Totally idiotic of Sony, given that the album was released on her own independent label in the UK several months ago, and without any copy protection at all. It's all over the P2P networks already, so anyone who's paying for it wants a legit copy.
Double Platinum Record [Level 9]
Oh, and...
My understanding is that the CD advises you that *something* is being installed, but exactly what is buried deep in the EULA that nobody reads. The worst part is that there's no way to uninstall, short of serious hacking or reinstalling Windows. I hope that Vista doesn't allow this sort of crap.
DiscoMusic.com Owner / Administrator
Graham,
All valid points for sure.
Just found a very insightful article along with screen shots as to exactly what this rootkit is and why it is petty bad.
http://www.sysinternals.com/blog/200...al-rights.html
The ploy to install this program is that it can only be played/burn copies with its bundled software. That's the Trojan horse apparently.
*** Forum Leader / Moderator ***
Thx for the technical info guys. I'm not an expert in rootkits though.
Latest news is that even installing the patch from Sony can damage your system and a fact is that there's something bizarre about this patch too, it apparently makes various contacts with the servers from Sony. Some very serious business it seems.
And all the articles I read about it concern Windows, I don't know what it does to Mac and Linux.
Double Platinum Record [Level 9]
It has no effect on Mac or Linux operating systems, so if you're running either of those, you'll be fine.
*** Forum Leader / Moderator ***
Here's a link to the F-Secure Security Company that's explaining the Rootkit danger:
http://www.f-secure.com/weblog/archi....html#00000696
And this is already an example how the Hacking-community is using this:
http://www.theregister.co.uk/2005/11...focus_wow_bot/
And this is one of the lawsuits already in progress, filed in Italy this week:
http://www.alcei.org/index.php/archives/105
So it proves that this is for real!
*** Forum Leader / Moderator ***
And the story continues! The patch that Sony BMG has released is also considered as spyware! You can read the details here:
http://www.techweb.com/wire/security/173600432
GOOD ADVICE: At this moment it is not known if other mediafirms are using this technology, so scan your discs with good anti-virus software!
Double Platinum Record [Level 9]
More importantly, disable auto-run on all CD/DVD drives.
*** Forum Leader / Moderator ***
Thx Graham!
And the first malware that uses the Sony Rootkit is launched:
http://news.bitdefender.com/
And:
http://www.trendmicro.com/vinfo/viru...FBREPLIBOT%2EC
Double Platinum Record [Level 9]
How do you know if you've been hit with this thing? I'm worried now because I played my TRIBUTE TO LUTHER cd on my pc and it automatically installed something before it started playing. It said "Media Max" player or something. I have a hard enough time with this damn computer without Sony adding to my headaches. If this is what they'll do to people who actually spend money on their CDs and don't steal their music then I can really see this industry being in bigger trouble than they even realize.
*** Forum Leader / Moderator ***
Nicky, are you using Windows? Is the Luther Cd a recent output by Sony? If so, you are problably the victim. You can control your system with the Rootkitrevealer from Sysinternals (the link is placed above by Bernie).
Anyway you have to install the patch. It will not remove the rootkit but it will secure your system, although it's spyware too.
Please don't try to remove the Rootkit coz' your PC will crash.
Maybe Graham can give you some better tips and advice!
*** Forum Leader / Moderator ***
Microsoft, the manufacturer of the Windows-software is finally reacting to all the fuzz Sony is creating. They sure ain't happy with the anti-copy rootkit and they are now deliberating if they are going to take legal action or integrate the rootkit in the spyware that has to be removed by the Windows security tools.
The rootkit apparantly is used on the CD's of 20 Sony-artists but I have not found that list yet.
Read the Microsoft-reaction:
http://www.eweek.com/article2/0,1759...119TX1K0000594
Double Platinum Record [Level 9]
. 
. 
Yes.Originally Written by Videoskooter
Yes, released earlier this year on J Records, which is a unit of Sony BMG. I actually won this CD from David Nathan's Soul Music site. Bet he didn't know this little 'gift' was included for his contest winners.Is the Luther Cd a recent output by Sony?
Bill and I have been talking on-and-off about this all day. I'm not just pissed about the possibility of my pc crashing, but more so this insidious act by Sony. WHO THE HELL DO THEY THINK THEY ARE? Don't cry and moan about the "dishonest" people stealing all your music and then take this action towards the "buying public". 'BIG BROTHER' **** like this really scares me and I want to see a tight leash around Sony's neck and a big hole in their pocketbook. This to me is a corporation out of control.
Permissions
Reply With Quote
Bookmarks