Slashdot Mirror


Trojan Using Sony DRM Rootkit Spotted

Analise writes "The Register reports on the first trojan using Sony's DRM rootkit. A newly discovered variant of the Breplibot trojan makes use of the way Sony's rootkit masks files whose filenames begin with '$sys$'. This means that any files renamed this way by the trojan are effectively invisible to the average user. The malware is distributed via an email supposedly from a reputable business magazine requesting that the businessperson verify his/her attached 'picture' to be used for an upcoming issue. Once the payload is executed, the trojan then installs an IRC backdoor on affected Windows systems."

35 of 597 comments

  1. A Natural Rights perspective by dada21 · · Score: 5, Insightful

    Irregardless of the existence of government, the natural rights of an individual cannot be given away (you can't sell yourself into slavery, you can't tell a higher power that it's ok to kill you). One such right is the right to private property, closed to others' prying eyes or presence.

    One great force behind this right is that past acts bear no allowances for future acts. If I let you into my house yesterday, you have no right to be here today. I may contractually allow you to come and go as you please, but I have to willfully sign the contract with witnesses noting the act.

    Sony's DRM uses government force (through copyright provisions) to settle its legality. They say that by using their property, you have to permanently give up your natural right to private property (free speech Statists wrongfully call it Right to Privacy). Sony is wrong.

    By violating numerous natural rights, Sony has opened itself to a demand for restitution. I wholeheartedly believe that corporate protections are wrong, as is copyright. My solution? Go after Sony through the shareholders directly (they own the business and allowed the breach of a basic human right). Demand restitution for the trojan if you receive it.

    Imagine if you buy a Saab and Saab has an agreement stating "If you turn the car on, you allow two Saab employees to ride in your trunk and search your house for proof you might install a non-Saab oil filter." You've signed nothing. The two Saab employees open your house door, take up residence and leave the door wide open. Two typical pro-copyright arguments: You're not allowed to install non-Saab oil filters or how else would Saab make money? Why would they design cars?

    This is the problem with copyright. Instead of individuals protecting proprietary information of value (books, music, etc) and producing it in the best way over anyone else (live shows, subscriptions to new music, etc), they say "copy us and government will use force against you."

    It's all wrong. Don't publicly say anything valuable to you. Don't think you can come in my home because you did once before. Don't think you can rape me because a note in your pocket says you're allowed to, and I let you in without checking your pockets.

    1. Re:A Natural Rights perspective by GungaDan · · Score: 2, Insightful

      A natural right to private property??? No. This is a LEGAL right - an artificial construct of an organized society. Interesting post all around. You had me right up until you said "irregardless."

      --
      Eloi are stupid, throw morlocks at them!
    2. Re:A Natural Rights perspective by jotok · · Score: 4, Insightful

      I am with you on almost everything except this:

      One such right is the right to private property, closed to others' prying eyes or presence.

      To me, this doesn't seem as "self-evident" as the other rights (Life, Liberty, freedom to pursue happiness, etc.) in the D of C. But it does seem to make sense as a possible necessary qualification to achieve the other three: I could live, be free, and try to be happy without owning anything, but it might be exceedingly difficult.

      Just sayin'.

      (Also, "irregardless" is not a word)

    3. Re:A Natural Rights perspective by AndersOSU · · Score: 2, Insightful

      Interesting post.

      One nit, Sony is almost certainly structured as a limited liability corp. specifically so that you can't go after the shareholders. Do you think that LLCs are wrong?

      In my opinion LLCs are very valuable because they allow ordinary people to invest in corporations without becoming personally, legally and financially responsible for that company's actions. While this certainly can have the effect of diffusing fault, I feel that this is outweighed by the positive economic impact of facilitating investments. Do you disagree?

      You said that you feel that corporate protections are wrong, do you consider limited liability to be a personal or corporate protection? I tend to think that it is a personal protection.

    4. Re:A Natural Rights perspective by PlusFiveTroll · · Score: 2, Insightful

      Who grants the natural right to property?

      You do, I do. Do you think the 'state' just pulled the property laws out of their collective ass (ok for some states I'll say yes). Most of Texas's current property laws are an extension of 'natural' property laws.

      Texas trespass laws are great. If you trespass on my property, you have the legal right to leave in a body bag. Not the state's force, my own.

      Maybe you should read around here a little.

    5. Re:A Natural Rights perspective by Wylfing · · Score: 3, Insightful

      Who grants the natural right to property?

      This drives me insane. What are they teaching kids in school these days anyway? Natural rights are not granted. They are naturally yours because you are a human being. They can neither be granted nor taken away. That's why you cannot sign a contract (at least, you can't in the U.S.) that says "I agree to sell myself into slavery in exchange for $100." It's not enforceable, because you cannot sign away a natural right.

      Small rant: This complete lack of understanding of natural rights leads to a lot of rotten decision-making. As soon as you start thinking the state "grants rights" (it doesn't), you start thinking it's OK for the state to take them away (it's not). In fact, it's exactly the reverse. You grant powers to the state, and you can take them away. The government has powers only at your whim.

      --
      Our intelligent designer has never created an animal that we couldn't improve by strapping a bomb to it.
  2. Re:Jobseekers rejoice! by portwojc · · Score: 4, Insightful

    It's not the engineers' fault. It's the ones that decided to put it out.

  3. Re:Rant Time... by PeteDotNu · · Score: 3, Insightful

    "And more so, Sony should replace EVERY affected computer with a brand new Vaio"

    I'd prefer the cash alternative.

    --
    My other processor is big-endian.
  4. Re:Jobseekers rejoice! by Daniel_Staal · · Score: 5, Insightful

    Remember: Sony didn't write the rootkit. They bought it from someone else.

    Now, the question is, what department thought it was a good idea? Sales and Marketing? Legal? Somebody had to think it was worth the money...

    --
    'Sensible' is a curse word.
  5. Re:From the article, virus firms response by Lisandro · · Score: 5, Insightful

    I know I should be shocked and offended by retarded attempts at DRM lock-in by Sony... but I can't.

    I'm loving this. I just can't wait to see what happens when antivirus/spyware vendors decide to consider the Sony rootkit as an attack vector and remove it accordingly... will it show up as "Sony.CDcopyprotection.malware"? "F4I.XCP.Aurora"? How about the information about it? Will we see legal battles between antivirus vendors and Sony? Class action lawsuits from consumers? I'm already preparing some popcorn for the event!

  6. I take issue with this by brunes69 · · Score: 1, Insightful

    Irregardless of the existence of government, the natural rights of an individual cannot be given away (you can't sell yourself into slavery, you can't tell a higher power that it's ok to kill you). One such right is the right to private property, closed to others' prying eyes or presence.

    This is crap. If I want to end my life, I should most certainly be allowed to give someone the right to kill me. It is *my* life, no one should have any say what I do with it but me. Same goes with the slavery question. Maybe I enjoy having a master? Who are you to tell me what choices I should be making?

    The only right you are born with is the right to die. You are not born with the right to personal property or anything else. Do you think that a spider has a right to its web? If so, then why do you shoo it out of your house? If you don't, then why do you for some reason think nature has granted *you* "fundamental rights", but not other forms of life?

    "Rights" are granted by society, a human construct, not by nature. The only reason people have rights is because we as a community agree that certain things are allowed, and others are not.

    It is when two sets of belief systems conflict with each other that we have problems; just because you feel that someone in China should have a "right" to free speech, does not mean that they automatically do, any more than just because someone in a cannibalistic tribe feels that Americans should have a "right" to eat each other, means that they do. They are totally separate sets of belief systems, neither is any more wrong than the other. The only thing that determines what is "right" and "wrong" is society.

  7. Re:Jobseekers rejoice! by ConceptJunkie · · Score: 2, Insightful

    Yeah, Sony only delivered it to people just trying to listen to music.

    I'm sure (Insert Your Favorite Murderer Here) didn't manufacture the bullets he used to kill his victims either.

    --
    You are in a maze of twisty little passages, all alike.
  8. Re:Jobseekers rejoice! by NickFortune · · Score: 3, Insightful

    Remember: Sony didn't write the rootkit. They bought it from someone else.

    That sounds like you're letting Sony off the hook, but I don't think it works like that. I mean, suppose I were to sell you a poisoned soda and that as a result you nearly die. Would it matter if I bought the poison from someone else?

    Not to mention trying to conceal its presence and lying about its function.

    I think Sony stand to take a hiding over this one.

    --
    Don't let THEM immanentize the Eschaton!
  9. Legality by Jerk+City+Troll · · Score: 2, Insightful

    If some bored teenager devised and distributed such a rootkit, he or she would be accused of costing businesses millions and thrown in jail for 10 years. Can someone explain to me why Sony is not getting prosecuted for "hacking" here? What makes them exempt (aside from whatever civil lawsuits are being brought against them)?

  10. Boycott isn't going to do squat by Fujisawa+Sensei · · Score: 2, Insightful

    Boycott isn't going to do squat to a company the size of Sony. If Sony BMG's profits actually go down, they'll just blame music pirates and file sharers. Then they'll get laws even worse than the DMCA passed. Everybody who gets trojaned with the help of Sony's rootkit needs to sue Sony.

    --
    If someone is passing you on the right, you are an asshole for driving in the wrong lane.
  11. Re:Jobseekers rejoice! by jcr · · Score: 2, Insightful

    It's not the engineers' fault. It's the ones that decided to put it out.

    Bullshit. The engineers are the ones who should know right from wrong. Sony wouldn't even have attempted this if their so-called "engineers" hadn't played along.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  12. wake up, this is Bush's Amerifka! by Anonymous Coward · · Score: 1, Insightful

    Spoken like someone who doesn't have an inflated mortgage, two cars, floating credit-card debt and 2.5 kids who'll need braces and college tuition in a few years.

    I'm sure Wal-mart is hiring, leave your rights at the door.

    1. Re:wake up, this is Bush's Amerifka! by cbreaker · · Score: 2, Insightful

      It's 2.5 kids dammit! I like to say that because it sounds trendy!

      But seriously, I agree with you 100%, but I also agree that you could get into some bad luck, get stuck with big bills because you couldn't find good work no matter how hard you tried, and up to this point you've tried to live your life in a fairly moral manner.

      Even as a 26 year old with a pretty good paying job in IT, I wouldn't exactly just up and quit my job because of something like this. I would, however, raise serious objections that would probably get me put on the shit list eventually. But I wouldn't quit.

      If the company were developing a way to secretly kill babies, I'd quit in a moment. But in the case of a rootkit for the purpose of copy-protecting a music CD? Well, I can live with that I suppose.

      --
      - It's not the Macs I hate. It's Digg users. -
  13. Re:antivirus vendors violate DMCA? by CowboyBob500 · · Score: 2, Insightful

    Presumably only if they are a US anti-virus company. It could also be a marketing war for the anti-virus firms. Only the non-US ones will be able to clear-up the Sony malware, e.g. Kaspersky.

    Bob

  14. Re:Jobseekers rejoice! by MightyMartian · · Score: 4, Insightful

    Oh gimme a break. The media companies are delirious with the power granted them by their whores in Congress. The engineers, I'm sure, were given no real choice in the matter. Remember, it is RIAA, the MPAA and all those sleaze bag politicians who'd sell their own mothers for a little political cash who have produced this abomination. If you want to solve the problem, tell all the people in your district that your congressman is a hooker sucking off the teats of media giants, and tell them to make this kind of behavior an election issue.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  15. Re:Jobseekers rejoice! by bmwm3nut · · Score: 2, Insightful

    I was recently called up by a pimp (consultancy agent) and he asked if there was any company I wouldn't want to work for. I said anyone connected directly with the defence industry and he told me that I'd be surprised how many people also said that.

    As far as I'm concerned, if I write software for a guided missile for example, and that missile happens to kill innocent civilians (even if by mistake) then I feel like there'd be at least some blood on my hands too - which I don't want.


    i'm not questioning your stance, and i respect your opinion on this, i just wanted to express another opinion on working for the defence industry. my brother works for a company that makes tank ammo. and he's super anti-war and doesn't trust the government, and all that, so i asked why he works for the company. he said that his job is to design the safest tank ammo possible. so he can have a zero defect rate where a defect is something that ends up killing the soldiers in the tank. the man is always going to fight wars (he always has) and people are going to get killed for the sake of lining the man's pockets. but if you can prevent more of our young soldiers from dying, then i think you've done good. so don't think of working for the defence industry as helping the man kill people, view it as helping keep the wars shorter and saving more of our soldiers. the man will fight the war with whatever technology is available.

  16. This assumes your interpretation of Natural Rights by jd · · Score: 3, Insightful

    In some countries (such as Britain) there is no law of trespass. There is a law against breaking and entering, there is a law against causing damage and there are numerous privacy laws, but if you aren't causing a problem then your ancient (pre-enclosures act) rights cannot be abridged. Further, if there is a traditional, ancient right-of-way through your land, then you have absolutely no rights whatsoever to block, divert or otherwise interfere with that right-of-way. You may own the land on paper, but the land owns itself in many ways, in the eyes of the law.

    Furthermore, in most (if not all) countries, "land ownership" does NOT include mineral rights (which are arguably a significant part of the land) and can often be overruled or dismissed by the Government should they decide they can make better use of the land (5th Amendment in the USA includes this provision, I believe). As such, it is not really ownership and can - at best - be called borrowing from the State.

    There are countries in which private ownership of any kind simply isn't recognized at all. Everything is communal. Such societies don't seem to be any less rights-respecting than any other. Indeed, the USA - which has more codified rights than almost any other country - has one of the worst records of any country for actually honoring what is codified. Indeed, not only is it not honored, even when the courts rule against it, the US Government doesn't always respect those decisions. (The Sioux won in the Supreme Court to have the Black Hills revert to them - that was something like 40 or 50 years ago and the US Government is still refusing to honor the ruling.) Even when it does respect them, it has the power to replace any judge that rules against them (as threatened by DeLay over the Terri Schiavo case) which does damage any semblance of independence or impartiality.

    I do believe there are Natural Rights. I believe there is a Natural Right for any individual to be seen for oneself, that there is a Natural Right for any individual to improve their quality of life, that there is a Natural Right for any individual to hold to any beliefs they so choose, that there is a Natural Right for any individual or group to privacy and that there is a Natural Right for any individual or group to maximise potential and minimise harm.

    Most of these are what Republicans and Libertarians would consider obnoxiously socialist. The only way to maximise potential is to maximise the flow of information and to guarantee the practicalities of learning that information in a manner that is useful and usable. In other words, maximal quality education and minimal restraint on learning. In practice, if you're from a poor family in a poor area in the US, the only way to learn is to be good at sports or be in the military. Oh, and be male. Poor females in the US are left to rot, regardless. The only way to be good at sports in the US seems to be to take dangerous (and eventually lethal) drugs. Brain damage and other sporting injuries are pretty common. The US military is routinely accused of fraudulent claims in recruitment efforts, violent abuse (sometimes lethal) against recruits and persecution of non-Christians. Rape of females in the US military also appears to be a common complaint - and rarely investigated.

    Rights - Natural or otherwise - are only meaningful if enforceable. This is one reason the original version of the Magna Carta stipulated the right to seize (by force, if necessary) judicially-awarded compensation or enforce judicially-awarded rulings against the Government (in that case, the king). In other words, nobody - absolutely nobody - was above the law, and nobody could use executive privileges to abuse the law or anything else. Name me one country that has such a provision today. (No, the US impeachment procedure doesn't count. The current Congress wouldn't impeach Bush if he was caught red-handed in an act of treason, and the population at large has no impeachment rights. The UK's vote of no co

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  17. Re:Jobseekers rejoice! by jcr · · Score: 2, Insightful

    if I write software for a guided missile for example, and that missile happens to kill innocent civilians (even if by mistake) then I feel like there'd be at least some blood on my hands too - which I don't want.

    I have a rather different take on that. My position is that weapons are necessary, until and unless all threats to peace are neutralized (which isn't going to happen.) I would have no problem at all working on a weapon, as long as it wasn't a waste of tax money, as many weapons projects are. I'd have no qualms at all about working on the Manhattan project, for example.

    If you refuse to ever have any blood on your hands, who do you expect to defend your family? I'm alive today, because men like my uncle John went to war in 1941.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  18. Re:Jobseekers rejoice! by forand · · Score: 3, Insightful

    The problem with your analogy is that the developers, in all likelihood, did not know what this is going to be used for. Sony purchased the rootkit from another company which may have some valid reason for making these. The part that is so bad is NOT the rootkit itself but that it was included in the CD.

  19. Sony Rootkit News Absent From CNN by Esion+Modnar · · Score: 5, Insightful

    So far, I haven't seen any mention on the mainstream news about this. Maybe because it's too technical, but I think it's because CNN is a company of Time-Warner, and Time-Warner and Sony are fellow MPAA (and/or RIAA?) members. They (CNN) are great about covering the fluff. Count on them to down-play the stuff that hurts their business sleaze.

    --

    They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
  20. Re:Jobseekers rejoice! by LarsG · · Score: 3, Insightful

    Sony purchased the rootkit from another company which may have some valid reason for making these.

    First 4 Internet made the XCP DRM system, rootkit and all. Their business model is to develop and sell DRM products to the music industry. So the programmers at F4I must have been deaf and blind in order not to know that the rootkit would be distributed on 'audio' CDs.

    --
    If J.K.R wrote Windows: Puteulanus fenestra mortalis!
  21. $sys$ now Sony's fnord? by Esion+Modnar · · Score: 2, Insightful

    I've tried mentioning this story to some of my non-geek friends, and their eyes just glaze over. I even try phrasing it like, "Sony put something on these CD's that just takes over your computer." They can't get it. The phone rings. The baby cries. Something interesting comes on TV. It's like their brain can't stay focused on the statement that a giant media conglomerate is trying to fuck with their computer, trying to fuck with them. I hate to say it, but these companies will eventually win, because the vast majority of people are so fucking clueless about this stuff, and firmly try to stay clueless. Fucking sheeple.

    --

    They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
    1. Re:$sys$ now Sony's fnord? by olympus_coder · · Score: 2, Insightful

      Let me phrase it for you. This worked on the people I support. I actually got a decent reaction.

      "Newer Sony CDs install a type of virus on your computer called a root kit."

      The word virus is the key. If the president of Sony doesn't have a clue what a root kit is, then let's cut the BS and use the right word. It is a VIRUS in the sense that it is the only term most normal people really "get" (I know, it isn't a virus as security people define it).

      --
      Spell check? Why bother. That is what grammer/spelling Nazi freaks who waiste band width posting "spell right" are for.
  22. Re:Jobseekers rejoice! by PetriBORG · · Score: 2, Insightful

    Remember that the rootkit was bought by Sony from a 3rd party, so it was a drop in. Hell, considering that Sony has other CDs that already launched DRM programs, Sony programmers may have done nothing at all. It's likely that it was some 20 minute job. They would have further prevented people from complaining about it by having a completely different QA-programmer test the rootkit who knew nothing about its intended use, or completely ignored QA's opinion on the ethics. Once they knew it worked... No matter how much anyone complained, they had no say in it, only the decision maker (aka exec bastard).

    The real question is, how far up the chain did this idea get spawned from. I would bet that it started by one of the execs complaining about how easy their last DRM programs were killed (Everyone remember the hold-shift hack? Yes? Good, moving on).

    In any event, remember, ethical choices require knowledge of intent.

    I'll ignore the Godwin and move on. ;-)

    --
    Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
  23. ALL GAMESITES SHOULD DROP SONY COVERAGE by artifex2004 · · Score: 2, Insightful

    Boycott Sony by refusing to cover the PS3, and encourage other websites to do the same. If they are denied all the prelaunch coverage they need to create a groundswell of demand, it will have real consequences for them, and they will pay attention.

  24. Re:Jobseekers rejoice! by crabpeople · · Score: 3, Insightful

    "Principles are greater than profits."

    profits yes. floating just above the poverty line, no.

    but maybe when you get a real job and have a real "i'm going to be out on the fucking street again if i don't suck up my ego" moment, then you will see.

    but yeah, i'm sure crazy joe down on the corner who dances for nickels every day is sure happy that his spine is in good health.

    --
    I'll just use my special getting high powers one more time...
  25. Re:Jobseekers rejoice! by 3dr · · Score: 1, Insightful

    Interesting how my post got moderated.

    But looking at the following numerous AC posts:

    Spoken like someone who doesn't have an inflated mortgage, two cars, floating credit-card debt and 2.5 kids who'll need braces and college tuition in a few years.

    You're right on some of this. I refinanced my inflated mortgage a few years ago and reduced it by $400/month, my cars are paid off (one was purchased outright when the stock market was low back in 2001), and I have no CC debt because I hate owing anybody anything. I live within my means -- there's a principle for ya. I have one child with another on the way. Next!

    Maybe when you're 15 and going to high school you can worry about your morals, but when you have kids to feed, a mortgage and credit card payments let's see how loyal you are to your principles.

    See above. BTW, class of '87. Next!

    ...True statement, however, last time I checked, principles weren't all that filling around dinner time.

    Reasonable people will recognize the difference between survival and living with no regard to any principles. If it comes down to survival (need income for food now!) then yes, that will trump being some paragon of virtue. You'd be foolish not to! You gotta live, even if that means resorting to....gonzo telemarketing.

    But in the mundane daily exercise of life, you (the nonspecific you) owe it to yourself to stand for something.

  26. Re:Being ignorant == fair game? by ScrewMaster · · Score: 2, Insightful

    Most people, I think, don't even know what a Rootkit is ...

    They do now.

    --
    The higher the technology, the sharper that two-edged sword.
  27. Re:Jobseekers rejoice! by jafac · · Score: 2, Insightful

    It does not matter if it was the Engineer's fault. Can you say Scapegoat? I knew you could. Who plays golf with the CEO? The Engineer? Or the VP of Distribution and IP Protection?

    "that damn engineer, he said he had the technology to fool the hackers out there so they couldn't detect our DRM. . . ."

    Or, another phrase comes to mind; ". . . you have failed me for the last time. . . "

    --

    These are my friends, See how they glisten. See this one shine, how he smiles in the light.
  28. Anyone know... by KIondike · · Score: 2, Insightful

    Where I can find a copy of the email and attachment for this trojan? For some reason my level of spam has dropped through the floor recently, and I would love to take a look at this thing and start picking it apart. Any help is much appreciated.