Sony Music Rootkit->New Security Fix<!

**Videoskooter** · November 8th, 2005, 01:02 PM

Sony Music is in troubled water. The company is being sued for installing spyware on homesystems. When you buy a CD, it contains secret data that install a rootkit on your homecomputer.

This rootkit is supposed to prevent copying the compact disc. Security firms already discovered that the rootkit could be used by hackers. Sony then quickly released a patch but is refusing to distribute a tool to uninstall the rootkit itself.

When you want to delete that rootkit your Windows will crash.

People and firms in Italy and the U.S. already filed class-action-lawsuits. In the U.S. (California) it apparantly is illegal to install spyware without notifying the customer.

EMI also had plans to use this but has now postponed it.

So it seems that the ultimate copyprotection is going to cost Sony a lot more then what they tried to earn with it!

STRONG WARNING: IF YOU ARE ALREADY A VICTIM, DON'T TRY TO REMOVE THE ROOTKIT FROM YOUR SYSTEM! YOU'LL HAVE A MAJOR CRASH

**Bernie** · November 8th, 2005, 02:20 PM

Nice find Johan. Installing a rootkit is very sinister and something a black hat hacker will do as it allows him complete access to your system. That's very serious business and I hope Sony is held accountable.

Is Sony installing this on the hard drive or the firmware for the CD-ROM drive? I'm assuming if it's just the hard drive a clean install should take care of it. If it's on the drive's firmware then you'll need to swap the drive. Also, doesn't Windows inform you that something is about to be installed? It sure does on the Mac and won't let you proceed until you authorize it.

**BrunoRepublic** · November 8th, 2005, 02:52 PM

It's seriously nasty. I don't see how it could change the firmware on the drive itself; wouldn't this require a database of every CD drive out there?

The worst part is how utterly stupid the whole thing is. This only punishes the people who paid for the CD. CD copy protection is pointless; all it takes is one person to crack and rip the CD (which takes no effort if one is using Linux or OSX) and post it to a P2P network, and everyone has it.

I'm looking forward to the domestic release of Imogen Heap's brilliant Speak For Yourself album, but I've found out that it will likely have this insidious copy protection on it. Totally idiotic of Sony, given that the album was released on her own independent label in the UK several months ago, and without any copy protection at all. It's all over the P2P networks already, so anyone who's paying for it wants a legit copy.

**BrunoRepublic** · November 8th, 2005, 02:55 PM

Oh, and...

My understanding is that the CD advises you that *something* is being installed, but exactly what is buried deep in the EULA that nobody reads. The worst part is that there's no way to uninstall, short of serious hacking or reinstalling Windows. I hope that Vista doesn't allow this sort of crap.

**Bernie** · November 8th, 2005, 03:09 PM

Graham,
All valid points for sure.

Just found a very insightful article along with screen shots as to exactly what this rootkit is and why it is petty bad.
http://www.sysinternals.com/blog/200...al-rights.html

The ploy to install this program is that it can only be played/burn copies with its bundled software. That's the Trojan horse apparently.

**Videoskooter** · November 8th, 2005, 04:56 PM

Thx for the technical info guys. I'm not an expert in rootkits though.

Latest news is that even installing the patch from Sony can damage your system and a fact is that there's something bizarre about this patch too, it apparently makes various contacts with the servers from Sony. Some very serious business it seems.

And all the articles I read about it concern Windows, I don't know what it does to Mac and Linux.

**BrunoRepublic** · November 8th, 2005, 05:37 PM

It has no effect on Mac or Linux operating systems, so if you're running either of those, you'll be fine.

**Videoskooter** · November 8th, 2005, 06:51 PM

Here's a link to the F-Secure Security Company that's explaining the Rootkit danger:
http://www.f-secure.com/weblog/archi....html#00000696

And this is already an example how the Hacking-community is using this:
http://www.theregister.co.uk/2005/11...focus_wow_bot/

And this is one of the lawsuits already in progress, filed in Italy this week:
http://www.alcei.org/index.php/archives/105

So it proves that this is for real!

**Videoskooter** · November 9th, 2005, 04:43 PM

And the story continues! The patch that Sony BMG has released is also considered as spyware! You can read the details here:

http://www.techweb.com/wire/security/173600432

GOOD ADVICE: At this moment it is not known if other mediafirms are using this technology, so scan your discs with good anti-virus software!

**BrunoRepublic** · November 9th, 2005, 09:17 PM

More importantly, disable auto-run on all CD/DVD drives.

**Videoskooter** · November 10th, 2005, 06:25 PM

Thx Graham!

And the first malware that uses the Sony Rootkit is launched:
http://news.bitdefender.com/

And:
http://www.trendmicro.com/vinfo/viru...FBREPLIBOT%2EC

**NickNack** · November 10th, 2005, 06:35 PM

How do you know if you've been hit with this thing? I'm worried now because I played my TRIBUTE TO LUTHER cd on my pc and it automatically installed something before it started playing. It said "Media Max" player or something. I have a hard enough time with this damn computer without Sony adding to my headaches. If this is what they'll do to people who actually spend money on their CDs and don't steal their music then I can really see this industry being in bigger trouble than they even realize.

**Videoskooter** · November 10th, 2005, 07:03 PM

Nicky, are you using Windows? Is the Luther Cd a recent output by Sony? If so, you are problably the victim. You can control your system with the Rootkitrevealer from Sysinternals (the link is placed above by Bernie).

Anyway you have to install the patch. It will not remove the rootkit but it will secure your system, although it's spyware too.
Please don't try to remove the Rootkit coz' your PC will crash.

Maybe Graham can give you some better tips and advice!

**Videoskooter** · November 11th, 2005, 12:23 PM

Microsoft, the manufacturer of the Windows-software is finally reacting to all the fuzz Sony is creating. They sure ain't happy with the anti-copy rootkit and they are now deliberating if they are going to take legal action or integrate the rootkit in the spyware that has to be removed by the Windows security tools.

The rootkit apparantly is used on the CD's of 20 Sony-artists but I have not found that list yet.

Read the Microsoft-reaction:

http://www.eweek.com/article2/0,1759...119TX1K0000594

**NickNack** · November 11th, 2005, 05:27 PM

Originally Written by Videoskooter

Nicky, are you using Windows?

Yes.

Is the Luther Cd a recent output by Sony?

Yes, released earlier this year on J Records, which is a unit of Sony BMG. I actually won this CD from David Nathan's Soul Music site. Bet he didn't know this little 'gift' was included for his contest winners.

Bill and I have been talking on-and-off about this all day. I'm not just pissed about the possibility of my pc crashing, but more so this insidious act by Sony. WHO THE HELL DO THEY THINK THEY ARE? Don't cry and moan about the "dishonest" people stealing all your music and then take this action towards the "buying public". 'BIG BROTHER' **** like this really scares me and I want to see a tight leash around Sony's neck and a big hole in their pocketbook. This to me is a corporation out of control.

**Videoskooter** · November 11th, 2005, 06:37 PM

Nicky, if you don't try to remove the rootkit, you're system won't crash. If you install the patch, you're system will be safe. The real f***ing problem is that they can monitor you (double spyware) and that's also a reason to be mad as hell!

But you're absolutely right, they don't have the right to install this junk on somebody's PC and that's where the filesuits come in.

Firstly they're up to some major legal trouble and secondly bonafide people like you and your friend will think twice before
they buy another product of them and thirdly, yes, who's in trouble now? Not the illegal downloaders but the honest customer that pays much money for their outputs.

**Mixmachine** · November 11th, 2005, 08:53 PM

While reading the reviews in my Local paper for the Latest Santana CD the revirewer warned that this CD contained a new copy protection to disable itunes/Ipod uploads, is this "Root Kit" the culprit?

**Videoskooter** · November 12th, 2005, 12:28 PM

I don't know Mix, I don't have experience with the I-Pod systems.

Now, today I read an interesting case in the Belgian press. As I mentioned already on the board, in Belgium it is illegal to make a copy of a CD that you bought.

Our consumer-organisation Test-Aankoop is bringing this to court and states that under international and European law making 1 copie is permitted. They have a big chance to win this. But the other interesting part is that also the copy protection is attacked in their lawsuit.

Uptil now recordfirms that sell products in Belgium can include whatever copy protection they want into their products. So until now it would be damn difficult to bring Sony and their rootkit to court. If our consumerlawyers win the case it'll be very interesting to see how the recordsharks will react.

**Videoskooter** · November 12th, 2005, 01:25 PM

Important Update: press release by Sony BMG!!

http://today.reuters.com/news/newsAr...RTRS&srch=sony

And this is a list of CD's that's circulating on the net. Videoskooter Enterprises is not responsable for its content!

Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia)
My Morning Jacket, Z
Santana, All That I Am
Sarah McLachlan, Bloom Remix Album

**Mixmachine** · November 12th, 2005, 09:12 PM

Originally Written by Videoskooter

Important Update: press release by Sony BMG!!

Santana, All That I Am

Aha! as I suspected, Santana the other night performed on Letterman a great cut off this CD with a new Singer (?), and I was all hyped up to pick it up ASAP , but I think I'll skip it now, I hardly ever play any CDs on my PC but I rather be safe just in case, his "Super Natural" is in my PC 'cause it was the one handy while testing EZCD Creator/Roxio a while back, imagine if I had used some of this new infected releases by mistake instead :cry: after a few months who can remember all this Digital Bull S*** imbedded on a CD.

This is one more reason I'm not as Gong Ho as I used to be about Computers any longer, it used to be fun, but some where along the way it became a constant maintenance chore just keep up with all the viruses, spy ware, id theft, physhing, patches, updates, copy guards, software bugs, conflicts, crashes, freeze ups, fire walls, pop ups, banners, high jacking Home web pages, user Id’s, passwords, bla bla bla....
:-?

**Videoskooter** · November 13th, 2005, 04:55 PM

Microsoft announced today that they will release a special security-update to remove the Sony Rootkit without the danger for a major crash. They don't trust the Sony stuff and they don't want their software to be infected and damaged by it.

Sony announced that it will stop including the rootkit in their products, at least for an indefinite period.

So Nicky and other members/readers, be a little more patient till the special Windows-update is available.

This is a very interesting site where they explain how you can recognize the CD's that are bewitched. It also contains the list that I gave you before:

http://www.eff.org/deeplinks/archives/004144.php

**Videoskooter** · November 16th, 2005, 01:49 PM

Update: the patch that Sony has made available to secure their rootkit is now proven to be a security risk itself. Seems that they are worsening their attempts to control the damage they caused.
http://www.detnews.com/2005/technolo...ech-383184.htm

American's EFF has posed an ultimatum to Sony to withdraw all the CD's with the rootkit from the shops.

And as dessert, I give you the comment from one of the big Sony bosses: "Most people don't even know what a rootkit is so why are they making all this fuzz about it". Yes, my friends, Sony really has a heart for its customers :roll:

**BrunoRepublic** · November 16th, 2005, 02:16 PM

Originally Written by Videoskooter

... the comment from one of the big Sony bosses: "Most people don't even know what a rootkit is so why are they making all this fuzz about it".

Good lord, what an arrogant assfreaker. I don't even know where to begin on that. Fortunately, a lot of people (myself included) are now learning what a rootkit is, as well as the extent of Sony's moral bankruptcy.

**Videoskooter** · November 17th, 2005, 01:34 PM

Update: Sony will withdraw all of the CD's that contain the rootkit. According to the firm this technology was not used on CD's that are distributed in Europe.

These are tips and explanations from the U.S. Government concerning this case:

http://www.us-cert.gov/current/curre...ty.html#xcpdrm

**Videoskooter** · November 21st, 2005, 12:30 PM

Originally Written by Graham_Start

Good lord, what an arrogant assfreaker.

And RIAA backs Sony, people. They are willing to go on with the damn rootkits and hope all the recordfirms will use this technology in the near future.

http://www.malbela.com/blog/archives/000375.html

Thread: Sony Music Rootkit->New Security Fix<!

Thread Tools

Display