The Un-Official Proxomitron Forum

Full Version: Sony music CD installs spyware
(EDIT: moved to General Security - Nov 3rd by Oddysey)

Blogged in Spyware by Martin Wednesday November 2, 2005 at about 12:35 am

A few minutes ago I read a news article written by Brian Krebs, who described how some Sony music CDs try to install software on PCs that could be labeled as spyware.

It seems that we have reached a new level in the fight between the record companies and their consumers. If you put a music CD in question into your drive, an installer will pop up. If you agree to install the software, you won't find an uninstall feature anywhere on your PC.

Apparently all music CDs labeled "Content enhanced & protected" have the installer on the CD; make sure you check this before you buy a CD you would want to hear using your PC.

According to Krebs, "The CDs in question make use of a technique employed by software programs known in security circles as 'rootkits,' a set of tools attackers can use to maintain control over a computer system once they have broken in."


It takes PC expertise to be able to remove this software once it is installed on your PC. F-Secure analysed the product and has its own virus definition for it. Let's take a look at their summary:

Extended Copy Protection (XCP) is a CD/DVD copy protection technology created by First 4 Internet Ltd. XCP has been used to protect some audio CDs released by Sony BMG Music Entertainment. The XCP protected disks contain digital rights management (DRM) software that allows the user to make a limited number of copies of the disk and also rip the music into a digital format to be used on a computer or portable music player.

Once installed, the DRM software will hide:

Files
Processes
Registry keys and values

No means of uninstalling the DRM software is given. The software supports Windows 98SE, Windows ME, Windows 2000 SP4 and Windows XP.

This analysis was conducted on Windows XP. The music CD that contained the DRM software was Van Zant: Get Right with the Man (Sony BMG Music Entertainment).

F-Secure also posted a guide on how to remove the software once installed on your system.





http://blogs.washingtonpost.com/security...rrer=email
I can see it now - the next "phase" will be this spyware software coming pre-loaded onto any blank CD-Rs that you buy...

Hmm, owning a few copyrights myself, maybe that isn't such a bad idea after all...
This will be sued out of existence.

elshaddai has given only a part of the total picture. In effect, Sony has violated at least one body of 'anti-trespass' law here in the US, and it looks like a few more over in the EU. Here's the link to the original article: http://www.sysinternals.com/blog/2005/10...ights.html

Of great interest, at least to me, was the recent court case in Chicago which found that this very act (by another company) was "a direct invasion of privacy in the home" of the user. Said violator lost, big time - Sony will lose even bigger time when enough complainants engage a lawyer that specializes in class-action tort suits.


Oddysey
Another problem was raised by ZOverlord at BroadbandReports, who, based on Mark Russinovich's blog (which Oddysey linked to), pointed out that any files beginning with $sys$ would be hidden by Sony's rootkit. Thus, a malware maker could theoretically rename his own malware accordingly, and once it had gotten into one's system, it would be effectively hidden as though the malware author had rootkitted the system. Not good. Perhaps I should have clarified that by saying malware maker #2, with malware maker #1 being Sony + First4Internet.
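
An added example, not part of the original posts: a cross-view check a defender could use against the name-prefix cloaking described above. It assumes two file listings of the same volume are available, one from the running system and one taken offline from clean boot media; the function names and sample paths are constructed for illustration.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # prefix reported in the post above

# Constructed sample listings of one volume (not taken from a real system).
# LIVE_VIEW: what the running OS reports. OFFLINE_VIEW: the same volume read
# from clean boot media, where no cloaking driver is loaded.
LIVE_VIEW = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\notepad.exe",
]
OFFLINE_VIEW = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\WINDOWS\system32\notepad.exe",            # same file, other case
    r"C:\Windows\System32\$sys$example.sys",       # hypothetical name
    r"C:\Windows\System32\$SYS$demo\payload.exe",  # hypothetical name
    r"C:\Windows\Temp\other.bin",
]


def path_key(path):
    """Comparison key: Windows file names are matched case-insensitively."""
    return str(PureWindowsPath(path)).lower()


def has_cloak_prefix(path, prefix=CLOAK_PREFIX):
    """True if a name in the path starts with the prefix.

    Checking directory names as well as the file name is an assumption
    of this example; the post only mentions files.
    """
    parts = PureWindowsPath(path).parts
    return any(part.lower().startswith(prefix) for part in parts)


def cross_view_diff(live, offline):
    """Map each path missing from the live view to the reason it is flagged."""
    seen_live = {path_key(p) for p in live}
    findings = {}
    for path in offline:
        if path_key(path) in seen_live:
            continue  # both views agree, nothing is being hidden
        findings[path] = "cloak-prefix" if has_cloak_prefix(path) else "hidden-other"
    return findings


if __name__ == "__main__":
    for path, reason in cross_view_diff(LIVE_VIEW, OFFLINE_VIEW).items():
        print(f"{reason:13} {path}")
```

Entries flagged `hidden-other` are missing from the live view without carrying the prefix, for example a file deleted between the two snapshots, and need a separate look.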
To those concerned.....

Sony has more or less admitted to the malware aspect of this DRM methodology. They don't say it in so many words, of course, but they now provide a means to remove the DRM rootkit.

Over on http://www.shellcity.net, I found this link: http://cp.sonybmg.com/xcp/english/form14.html Note that it's merely a form asking for the removal tool(s). I haven't tried it, I don't have the problem, so please don't blame me if they end up sticking you with yet more BS. This is one case where it's really caveat emptor!


Oddysey
Well, it had to happen!

Sony has "temporarily" halted the use of its [s]bullshit[/s] alleged copyright protection rootkit on music CDs. However, they will continue to use other (useless) protection schemes. Looks like a black eye is still on the horizon.....

Sony had to do something like this, if for no other reason than the fact that less than a week after it first snuck onto an un-suspecting user's drive, at least one Trojan-Zombie threat has piggy-backed onto the controversial rootkit, as predicted by nxIsle above. Get the full-meal-deal here: http://news.com.com/Sony+halts+productio...&subj=news Be sure to follow the link about the Trojan, I'll bet Sony's lawyers are gasping for breath right about now!


Oddysey
Now even Microsoft is getting into the act!

Check here for CNet's short report: http://news.com.com/Microsoft%20will%20w...&subj=news


Oddysey
More articles:

http://dewinter.com/modules.php?name=New...le&sid=215

Quote: The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of copyright law.

It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the license.

http://www.sysinternals.com/blog/2005/11...to_09.html

Quote: A few days after I posted my first blog entry on Sony’s rootkit, Sony and Rootkits: Digital Rights Management Gone Too Far, Sony announced to the press that it was making available a decloaking patch and uninstall capability through its support site. Note that I said press and not customer. The uninstall process Sony has put in place is on par with mainstream spyware and adware and is the topic of this blog post.

http://yro.slashdot.org/yro/05/11/13/141...141&tid=17 (links to http://www.eff.org/deeplinks/archives/004145.php)

Quote: "If you think the Sony rootkit is bad, check out the accompanying EULA! From the EFF's summary: 'If your house gets burgled, you have to delete all your music from your laptop when you get home. ... Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. ... Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling.'"

http://www.sysinternals.com/blog/sony-eula.htm

Sony's EULA.

---------

They're no different from a crapware company.
3 viruses are now exploiting this rootkit

Quote: Now anti-virus companies have discovered three malicious programs that use XCP's stealthy capabilities if they find it installed on a compromised PC.

"The development we feared most from Sony's inclusion of rootkit technology to conceal its DRM software was its use to conceal malicious code," said David Emm from security firm Kaspersky Labs.

"Unfortunately, it seems our fears were well-grounded."

Backdoor virus

Security firm Sophos said it had found a virus attached to a spam message posing as an e-mail from a British business magazine. The subject line of the message is: "Photo Approval Deadline".

Those opening and running the program attached to the mail will have their computer infected with the Stinx-E trojan. The virus is also known as Breplibot and Ryknos.


[Image caption: Sony was trying to stop illegal copying of its CDs]
This virus opens a backdoor into infected machines and tries to download more malicious code from the net to further compromise an infected machine.

A bug in the code of the first variant of this virus prevented it working properly but now other versions of the malicious program are appearing that fix this problem.

http://news.bbc.co.uk/1/hi/technology/4427606.stm
Mind you, apparently MS's new operating system, Vista, is set to tell you what CD you can and can't play on your computer. It's apparently going to additionally restrict what hardware you can use as well - unless it's from a trusted vendor, forget it. There's also some system to prevent you from playing illegal CDs - though apparently this is likely to wind up with the OS rejecting lots of monitors with the error message that the monitor has been revoked.

May well get Linux as my next OS - I'd be damned if I'm going to have an OS company telling me what I can and can't do with my system. On the contrary, their job is to ensure that I can do whatever I want on my PC, and then shut up, not act as self-appointed policemen.

Kevin
laighleas Wrote: May well get Linux as my next OS - I'd be damned if I'm going to have an OS company telling me what I can and can't do with my system.

Ubuntu looks good!
Kevin,

Knoppix is your friend! Cheers


Oddysey
:-) Well, currently I'm looking at popping a newer hard drive - with faster access times - into the PC. That means I can turn the current one into a slave, which allows me to load it with Linux and experiment. Need to research things a bit more, but that's the general idea.

Will probably have to incorporate WINE - I need Word and Excel because I need something that's compatible with the programs at work. If I'm using the same programs, I don't need to involve myself in conversions. I'll have to look at the instant messenger stuff as well, for keeping in touch with friends. It's a question of seeing what Linux programs are available, and whether they'll be good replacements for equivalent Windows programs, or whether the Windows program needs emulation. Mind you, even with Linux, I may need Windows on a slave drive, cos Her Indoors loves her games. Not sure how Linux does for games, but Her Indoors largely looks at Windows games.

Ah, it will all be sorted out with a bit of hands-on experience and fiddling about. :-)

Kevin
Gang;

As I predicted in this thread, back on 02 Nov 2005:
Quote: This will be sued out of existence.
The Attorneys General of California and Texas have indeed brought suit - check it out: New Spyware Claim Against Sony/BMG

There are some history links within the article..... if you've missed most of the ruckus, they should help bring you up to speed.


Oddysey
Oddysey Wrote: Gang;

As I predicted in this thread, back on 02 Nov 2005:
Quote: This will be sued out of existence.
The Attorneys General of California and Texas have indeed brought suit - check it out:

Oddysey

I bet Sony will claim ignorance and blame Media Max.