Slashdot Mirror
Trojan Using Sony DRM Rootkit Spotted
Analise writes "The Register reports on the first trojan using Sony's DRM rootkit. A newly discovered variant of the Breplibot trojan makes use of the way Sony's rootkit masks files whose filenames begin with '$sys$'. This means that any files renamed this way by the trojan are effectively invisible to the average user. The malware is distributed via an email supposedly from a reputable business magazing requesting that the businessperson verify his/her attached 'picture' to be used for an upcoming issue. Once the payload is executed, the trojan then installs an IRC backdoor on affected Windows systems."
Sony, you are despicable loathing scum who will no longer get another penny from me. For deliberately putting computers I maintain at risk to save a penny on your end, I find you guilty as charged. Microsoft should be suing you for such as well. In fact everyone just gang up on Sony and charge with those attorneys. Burn in hell bastards...
It's just a rumor, but Sony should have some Engineering and Executive positions open in 3....2....1...
I reccomend voting with our wallets, and not purchasing Sony/BMG products. Also see here
Also here is the company that created the DRM technology.
You might want to add a couple of more zeros to the settlement check you are thinking about
Irregardless of the existence of government, the natural rights of an individual cannot be given away (you can't sell yourself into slavery, you can't tell a higher power that it's ok to kill you). One such right is the right to private property, closed to others' prying eyes or presence.
One great force behind this right is that past acts bear no allowances for future acts. If I let you into my house yesterday, you have no right to be here today. I may contractually allow you to come and go as you please, but I have to willfully sign the contract with witnesses noting the act.
Sony's DRM uses government force (through copyright provisions) to settle its legality. They say that by using their property, you have to permanently give up your natural right to private property (free speech Statists wrongfully call it Right to Privacy). Sony is wrong.
By violating numerous natural rights, Sony has opened itself to a demand for restitution. I wholeheartedly believe that corporate protections are wrong, as is copyright. My solution? Go after Sony through the shareholders directly (they own the business and allowed the breach of a basic human right). Demand restitution for the trojan if you receive it.
Imagine if you buy a Saab and Saab has an agreement stating "If you turn the car on, you allow two Saab employees to ride in your trunk and search your house for proof you might install a non-Saab oil filter." You've signed nothing. The two Saab employees open your house door, take up residence and leave the door wide open. Two typical pro-copyright arguments: You're not allowed to install non-Saab oil filters or how else would Saab make money? Why would they design cars?
This is the problem with copyright. Instead of individuals protecting proprietary information of value (books, music, etc) and producing it in the best way over anyone else (live shows, subscriptions to new music, etc), they say "copy us and government will use force against you."
It's all wrong. Don't publicly say anything valuable to you. Don't think you can come in my home because you did once before. Don't think you can rape me because a note in your pocket says you're allowed to, and I let you in without checking your pockets.
"The response of anti-virus firms, some of which have only promised to flag up rather than block system changes made by Sony-BMG's rootkit, remains unclear. "
Ooh fun to be had here. Sony are gonig to love this publicity.
Ha ha. I have little respect for these companies who I see to be the same as those who four hundred years ago sold "herbs" to protect you from the plague. These ppl still profit from ppl's lack of knowledge.
Early reports indicate the IRC backdoor is used by the propagator of the virus to bombard you with random chat messages from #windowshelp. So far the most common phrases appearing are "how do i reformat" and "how do i download the internet?"
My 3D Texturing Skinning work (under construction)
Since there was some confusion about how you can tell if this rootkit is installed, remember that it hides files beginning with '$sys$' -
1) If you're not using windows, you're fine.
2) Create a file on your desktop ('test.txt' should be fine). Rename the file to '$sys$test.txt'.
If the file is gone, you're vulnerable.
Video for Online Dating Profiles
I hear the trojan witter is also using an unusual distribution method. Ricky Martin CDs.
Evil? Yes. But there are uses! Not that it has any affect on my Mac or Ubuntu box...
Well, I was debating buying a PS3 instead of a Nintendo Revolution. Not anymore!
Can anyone explain if this rootkit prompts for a password when installing (during the autorun, I presume)
As an OS X user, I'd find it slightly odd that my music CD is prompting me for an administrative password.
But to stay on topic, I'm sure this is but one of the many exploits that will be based on this rootkit.
Does anyone have a comprehensive list of CDs that install it, and is it true that Sony has been using it since April?
If you don't know what AltaVista is (was), get off my lawn.
I don't know if they are selling these DRM encrusted music discs in the UK, but if they are, each and every one of them will be breaching the 1990 Computer Misuse Act, and in a way that the act does cover - namely it alters the system without your approval or knowledge. What is doubly sad is that the software was written by a British company. Still, makes it easier to sue them.
Secondly, does this rootkit install even if you are logged in as a normal Windows user, not Administrator? That suggests a security hole in Windows. However I suspect the issue is Windows making users Administrator by default, which is a really dumb system, security wise.
It wouldn't be right if the day went by without a Sony Rootkit story on Slashdot. Seriously, I can't get enough of this story, it's what Slashdot was invented for.
Disappearing Rootkit Malware
Sony just loves everyone $sys$anally. They are the greatest company ever when it comes to technology $sys$that $sys$sucks. Everyone is gonna love $sys$to $sys$hate Sony, and they will $sys$not buy any Sony product that they see. It's because Sony loves $sys$to $sys$fuck $sys$with their customers.
so does this at all put sony in hotwater with microsoft legally? perhaps this rootkit, trojan email or not, violates the windows eula.
If someone creates a worm that exploits a negligent design flaw in Sony's DRM or Microsoft Windows, then couldn't the affected sue Sony or Microsoft? This would include non-users of these products whose internet usage was disrupted. And as someone who does NOT use DRMed Sony CDs or Microsoft Windows, I have NOT agreed to these company's EULAs with all their legalese of limited liability. Thus non-users may have more rights to sue than users of these products.
IANAL. Any thoughts?
Two wrongs don't make a right, but three lefts do.
Here's the Slashdot crowd's chance to get the phrase invented by a Slashdotter out in the public eye. It's important that the public learn that DRM is a bad thing, and this is simply one way to tell them plainly how it is bad. DRM breaks their computer, or makes their life more difficult.
j html?articleID=173601122
"Infected with DRM"
Sony's rootkit has also been linked to Windows crashes, which isn't surprising to me. Most spyware causes instability in Windows because it is poorly written and designed to break parts of Windows to protect itself from removal. Sony writes, "This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."
The incongruence of their words, is not startling to me, as they are playing a PR game to hide the fact that they messed up people's computers, and made them vulnerable to an attack that hasn't gained popularity yet, but now surely will. Virus writers will be able to easily hide their virus files using programs like Sony's cloaking DRM. Sony is lying that their cloaking DRM does not compromise security of an infected computer.
http://www.informationweek.com/story/showArticle.
Saskboy's blog is good. 9 out of 10 dentists agree.
El Reg says that Sony UK says they are not selling them in the UK.
What I say does not represent the views of my employers, my friends, my cats, or myself.
Sony President Defends Rootkit
The President of Sony BMG's Global Digital Business, Thomas Hesse, defends Sony's installation of a rootkit by declaring, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"
Source
"What is the answer?" (Silence) "In that case, what is the question?" --Gertrude Stein
Yes, but, what OS's other than Microsoft products allow surf-by and auto-mount driver installs that diddle low level file system api's? Why is no one angry at Microsft about this Sony fiasco?
I'm thinking that outside of users that habitually surf and/or listen to music as root, that Linux and OS X users should be just a wee bit safer than the casual Windows user.
Sure, Linux can be rooted. Now, your homework assignment is to go burn me a disk with music on it that will root my Linux box merely by being inserted, and won't let me listen to the music until my box has been rooted. I like classical.
I'm still waiting for a worm that uses the Sony rootkit to hide itself, spreads to many computers, and then DDoS sony.com. They'd have a hard time knowing what press release to put out if that ever happened.
If some bored teenager devised and distributed such a rootkit, he or she would be accused of costing businesses millions and thrown in jail for 10 years. Can someone explain to me why Sony is not getting prosecuted for "hacking" here? What makes them exempt (aside from whatever civil lawsuits are being brought against them)?
Join Tor today!
The sales manager at the company I work for recently received a variant of this worm, and after finding that the attachment "didn't do anything" forwarded it on to me to find out why. I extracted the attachment and analysed it in IDA and discovered that it connected to one of two IRC servers and joined a specific channel.
.. suddenly they all quit and the room was empty except for me and the op.
.. I felt quite akin to him in many ways.
So posing as the trojan I logged onto the IRC channel. I idled there for a while watching the channel op send commands to the connected bots, and decided to have a go myself. The channel was +m but I could PRIVMSG the bots, and a bit more work in IDA revealed the command set - which contained an unload command. So I scripted my irc client to send a msg to every non-op in the channel with the command
"OH SHIT" he typed. He was more shocked than anything, and then more curious than angry. We ended up having a rather long and interesting conversation about our respective jobs. He told about his bot network, what he uses them for (in the UK it's for harvesting email addresses, apparently), the ££ he gets for it - it's a full time job for him - and who writes most of the bot software (his partner.) He was no stereotypical teenage script kiddie either, more a computer professional turned to the 'dark side' of IT
All in all, it was fascinating. (Btw, our firewall blocked the trojan from connecting to IRC and it was fairly easily to remove from the sales manager's laptop)
Boycott isn't going to do squat to a company the size of Sony. If Sony BMG's profits actually go down, they'll just blame music pirate and file sharers. Then they'll get laws even worse than the DCMA passes. Everybody who get trojaned with the help of Sony's rootkit needs to sue Sony.
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
This could end up being a turning point. The organisations pusing for DRM will easily and swiftly realise what this leads to:
All their heavy public relations work to portray the reluctant consumers as merely "pirates" is on for a trying test.
IF antivirus vendors do start removing the sony rootkit, won't that qualify as circumvention of a copyright device and put them in clear violation of the DMCA? This just keeps getting better and better.
There is not nearly enough love in the world, but there is far too much trust.
"This trojan has been brought to you by...
Sony.
When your files are too important to be seen by anyone.
Just $sys$ it."
Michael Coyne
http://turthalion.blogspot.com
The following year, all traces of this were removed in the next version and, afaik, it has never returned. I, for one, however, haven't bought their product since and don't plan to ever buy from them again.
I guess Sony just wasn't paying attention.
That list of CDs can't be right. Those albums are all over the P2Ps. That's exactly what the rootkit is supposed to prevent from happening!
Furthermore, in most (if not all) countries, "land ownership" does NOT include mineral rights (which are arguably a significant part of the land) and can often be overruled or dismissed by the Government should they decide they can make better use of the land (5th Amenndment in the USA includes this provision, I believe). As such, it is not really ownership and can - at best - be called borrowing from the State.
There are countries in which private ownership of any kind simply isn't recognized at all. Everything is communal. Such societies don't seem to be any less rights-respecting than any other. Indeed, the USA - which has more codified rights than almost any other country - has one of the worst records of any country for actually honoring what is codified. Indeed, not only is it not honored, even when the courts rule against it, the US Government doesn't always respect those decisions. (The Sioux won in the Supreme Court to have the Black Hills revert to them - that was something like 40 or 50 years ago and the US Government is still refusing to honor the ruling.) Even when it does respect them, it has the power to replace any judge that rules against them (as threatened by DeLay over the Terri Schaivo case) which does damage any semblance of independence or impartiality.
I do believe there are Natural Rights. I believe there is a Natural Right for any individual to be seen for oneself, that there is a Natural Right for any individual to improve their quality of life, that there is a Natural Right for any individual to hold to any beliefs they so choose, that there is a Natural Right for any individual or group to privacy and that there is a Natural Right for any individual or group to maximise potential and minimise harm.
Most of these are what Republicans and Libertarians would consider obnoxiously socialist. The only way to maximise potential is to maximise the flow of information and to guarantee the practicalities of learning that information in a manner that is useful and usable. In other words, maximal quality education and minimal restraint on learning. In practice, if you're from a poor family in a poor area in the US, the only way to learn is to be good at sports or be in the military. Oh, and be male. Poor females in the US are left to rot, regardless. The only way to be good at sports in the US seems to be to take dangerous (and eventually lethal) drugs. Brain damage and other sporting injuries are pretty common. The US military is routinely accused of fraudulant claims in recruitment efforts, violent abuse (sometimes lethal) against recruits and persecution of non-Christians. Rape of females in the US military also appears to be a common complaint - and rarely investigated.
Rights - Natural or otherwise - are only meaningful if enforcable. This is one reason the original version of the Magna Carta stipulated the right to seize (by force, if necessary) judicially-awarded compensation or enforce judicially-awarded rulings against the Government (in that case, the king). In other words, nobody - absolutely nobody - was above the law, and nobody could use executive priviledges to abuse the law or anything else. Name me one country that has such a provision today. (No, the US impeachment procedure doesn't count. The current Congress wouldn't impeach Bush if he was caught red-handed in an act of treason, and the population at large has no impeachment rights. The UK's vote of no co
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
So far, I haven't seen any mention on the mainstream news about this. Maybe because it's too technical, but I think it's because CNN is a company of Time-Warner, and Time-Warner and Sony are fellow MPAA (and/or RIAA?) members. They (CNN) are great about covering the fluff. Count on them to down-play the stuff that hurts their business sleaze.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
I've tried mentioning this story to some of my non-geek friends, and their eyes just glaze over. I even try phrasing it like, "Sony put something on these CD's that just takes over your computer." They can't get it. The phone rings. The baby cries. Something interesting comes on TV. It's like their brain can't stay focused on the statement that a giant media conglomerate is trying to fuck with their computer, trying to fuck with them. I hate to say it, but these companies will eventually win, because the vast majority of people are so fucking clueless about this stuff, and firmly try to stay clueless. Fucking sheeple.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
It's 2.5 kids dammit! I like to say that because it sounds trendy!
But seriously, I aggree with you 100%, but I also agree that you could get into some bad luck, get stuck with big bills because you couldn't find good work no matter how hard you tried, and up to this point you've tried to live your life in a fairly moral manner.
Even as a 26 year old with a pretty good paying job in IT, I wouldn't exactly just up and quit my job because of something like this. I would, however, raise serious objections that would probably get me put on the shit list eventually. But I wouldn't quit.
If the company were developing a way to secretly kill babies, I'd quit in a moment. But in the case of a rootkit for the purpose of copy-protecting a music CD? Well, I can live with that I suppose.
- It's not the Macs I hate. It's Digg users. -
Boycott Sony by refusing to cover the PS3, and encourage other websites to do the same. If they are denied all the prelaunch coverage they need to create a groundswell of demand, it will have real consequences for them, and they will pay attention.
CA antivirus is now removing the DRM. I think this is a violation of the DMCA, right? 5 years in prison and a big fine? Let the fireworks begin. story
Here is a useful definition of "natural right" that might help people understand the natural rights perspective:
natural right(n): A political condition required for the life of a morally autonomous being.
A natural right, in this view, is to political or social life what the requrirement for food, water or air is to physical life. I cannot say, "I relenquish my need for food" in any meaningful sense, because it is my nature to need food to live.
Likewise, for a being whose mode of life involves making and acting on its own value judgements, certain political conditions are required. The need for these political conditions cannot be relenquished.
"Tyranny" is a political condition, as is "republic", "police state", etc. Not all of these political conditions allow morally autonomous beings to live as such.
Note that I do not believe that natural rights theory is sufficient to construct a theory of society. Nor do I believe that protection of natural rights is a sufficient basis for a just society. Humans are more than rights-bearing creatures, and our social needs are far more complex than the needs described by natural rights. A natural-rights-only society is the bread-and-water diet of social theory: sufficient to sustain some kind of existence, but not sufficient for genuine health and happiness.
Blasphemy is a human right. Blasphemophobia kills.
Where I can find a copy of the email and attachment for this trojan? For some reason my level of spam has dropped through the floor recently, and I would love to take a look at this thing and start picking it apart. Any help is much appreciated.