Sony delivers rootkits with their digital rights management software
Posted on 01/11/05 14:33 by Torsten                             

sakato used our news submit to tell us about Mark Russinovich of Sysinternals.com discovering rootkit-like software that was installed when he played the CD "Get Right with the Man" by the "Van Zant brothers". This software is used by Sony BMG to enforce the DRM on their copy-protected CDs.

Last week when I was testing the latest version of RootkitRevealer (RKR) I ran a scan on one of my systems and was shocked to see evidence of a rootkit. Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden.

I studied the driver's initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with '$sys$'. To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view. Besides being indiscriminate about the objects it cloaks, other parts of the Aries code show a lack of sophistication on the part of the programmer. It's never safe to unload a driver that patches the system call table since some thread might be just about to execute the first instruction of a hooked function when the driver unloads; if that happens the thread will jump into invalid memory. There's no way for a driver to protect against this occurrence, but the Aries driver supports unloading and tries to keep track of whether any threads are executing its code. The programmer failed to consider the race condition I've described.

Those who want to know all the details of how Sony's software works should check out Mark Russinovich's blog entry. In the discussion of that blog entry, people think this software might break the "California Business & Professions Code Section 22947.3", violations of which can be fined up to $1,000 for each affected PC.

Source: Sysinternals

Reactions
By Rich86, Tuesday 01 November 2005 16:02
And people wonder why I tell them to disable autoplay on all optical disk drives, avoid Sony/Columbia products if at all possible, and return as defective any Sony/Columbia product that does not meet strict CD or DVD standards (i.e. NO virus programs included like described above). This company has gone far over the edge in their determination to punish their customers for buying their products.
By bkf, Tuesday 01 November 2005 16:30
I tried the root program. I'm clean. That Internals guy is a smart person. I thought here in the US if something installs on your computer without express permission it is an invasion. Read that on one of the law forums.
By bluray, Tuesday 01 November 2005 17:28
Wow, I just read that link! This is the part that irritates me. "If you find this rootkit from your system, we recommend you don't remove it with our products. As this DRM system is implemented as a filter driver for the CD drive, just blindly removing it might result in an inaccessible CD drive letter. Instead, we recommend you contact Sony BMG directly via this web form and ask for directions on how to remove the software from your system. We've test driven this and they will provide you with tools to do this." What a crock.
By CORRSA, Tuesday 01 November 2005 18:51
Oh, I get it: there is a rule for us but not for them. Smart. Maybe we will all start smelling the coffee now and boycott these ruthless wankers and BOYCOTT their products, which is easy as there is so much choice out there now. Just do it, people.
By Roj, Tuesday 01 November 2005 19:02
Privacy issue - lawsuit time here in Canada. Good luck fighting our Privacy Act, Sony.
By sorti, Tuesday 01 November 2005 19:27
Would someone who bought this rootkit music please call the EFF and spend some time getting a lawsuit going? This is crazy, people; stop paying for stuff and tell everyone you know about this. Add this to the World of Warcraft spying application from months ago from Blizzard. It's clear the corporations can do anything they want to. DRM is the number one feature for all new products, like BluRay, Windows Vista, Intel/AMD CPUs. If Sony does this, think about what Microsoft & Intel will do.
By slyder2, Tuesday 01 November 2005 19:56
Perhaps it's a good time to take up a collection of names and begin the process of a civil and criminal class action suit that steps up to criminal trespass, the various privacy acts, computer hacking, malicious trespass and all other forms of legal pursuit... Everyone donate a few bucks to kick it off, find a lawyer on contingency and sue on behalf of the personal rights of all users for billions... Worst case scenario, it'll put the entire issue into the media forefront and provide an education for all digital media consumers... Just a thought from a lowly Canadian!
By Tru, Tuesday 01 November 2005 20:13
Just a piece of advice: running SlySoft's AnyDVD will prevent SONY's malware from being installed on your system.
By shimman, Wednesday 02 November 2005 00:12
Not only Sony is sneaky; Microsoft is being far worse. They made tons of holes through lousy software engineering, then tell the public that MS needs to add trusted computing stuff so that such security breaches will not happen. Alternatives are looking better every day.
By hyqwn, Wednesday 02 November 2005 01:45
I have posted in the "Audio" forums on how to disable this protection so you can rip the CD music. I do not believe there is any way to remove all the files on your system. http://club.cdfreaks.com/showthread.php?t=151461
XCP2 (First 4 Internet) http://www.xcp-aurora.com/
How to identify: there will be a file called "VERSION.DAT"; if this is opened with Notepad it will say something like "VERSION=XCP2, Version 1.7".
Win98/ME/2K & XP
Step 1: Press F8 during startup to boot into safe mode.
Step 2: On the Windows partition (where Windows is installed; the default is the C:/ drive) search for a file called "$sys$caj.dll" and delete it. The default path is C:\WINDOWS\system32\$sys$caj.dll
Step 3: Reboot the PC, go to "Device Manager", uninstall all CD/DVD drives and then rescan for hardware changes. Now the XCP protection is permanently disabled.
By heystoopid, Wednesday 02 November 2005 04:12
At this rate, soon the new audio/video media will require all players, hardwired to the net, to obtain permission from home office prior to playing any music or video files, then bill the user each time it plays!
By Wesociety, Saturday 05 November 2005 19:14
Sony has gotten ridiculous with this stunt. This is being discussed by security professionals throughout the industry. A retroactive "patch" does not address the problem sufficiently. They should recall all of this media. Sony, you have gone too far again this time.