Is it time for Sony to recall their rootkit DRM music Cd's?
Posted on 06/11/05 18:03 by Dan Bell                             
Is it time for Sony to recall their rootkit DRM music Cd's?

From Wikipedia, the free encyclopedia. Here is the definition of the term rootkit.

"A rootkit is a set of tools frequently used by an intruder after cracking a computer system. These tools are intended to conceal running processes and files or system data, which helps an intruder maintain access to a system for malicious purposes. Root kits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. Rootkits received increased prominence in late 2005, when it was found Sony/BMG was including them on their music Cd's."

In related news, we learn of an example of the damage to companies and end users due to this malware, Airhead used our news submit to tell us that the rootkit can now be used by hackers to hide cheat code when playing World of Warcraft hacks. He discovered this new vulnerability while reading a recent article in Security Focus. We can read this quote from the page to get an idea of how this one works:

Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD. Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG"s content protection, which only requires that the hacker add the prefix "$sys$" to file names.

The DRM software is loaded on a Windows PC during the auto play sequence after placing an affected music CD in your optical drive and then agreeing to the end user license agreement from Sony. There is no mention of loading this rootkit or the damage it can do, nor is there an uninstall routine. It also will not appear in the Windows Remove Programs menu. Lovely. As you can see, there is little difference between this routine and a hacker trying to gain access to your machine. You are fooled into accepting a hidden payload by agreeing to another set of conditions in order to play the music that you just payed good money for. The problem is, honest people will be affected by this agreement and their PC's could be put at risk.

If you have not been following this story, it's time you did, as there are some 20 music Cd's out there published by Sony/BMG, that contain this malware they are calling a DRM solution concocted for them by by First 4 Internet. Be warned that once your PC is infected, it is difficult or maybe impossible to remove the code from your computer without causing damage to your system, such as rendering your CD drive inaccessible. In addition to hiding hacks, if your PC is infected with this DRM you can also be setting yourself up for new viruses that your scanner will not detect as the same trick can be used by virus writers to cloak the code from your anti virus protection program. As Airhead sarcastically said in his news submittal on this subject: "Good job Sony"

If you would like to discuss this new DRM from Sony and also to take part in a poll as to whether products containing this rootkit be pulled from the shelves, then feel free to visit this thread in the Club CD Freaks Living Room and cast a vote.

Source: Various

Reactions
Discuss this article with your fellow community members! We appreciate your valuable input, but please keep the reaction policy in mind and make sure your reaction is constructive.
Name: Email:



Your comment:

Receive notification on new comments?