Slashdot Mirror
Trojan Using Sony DRM Rootkit Spotted
Analise writes "The Register reports on the first trojan using Sony's DRM rootkit. A newly discovered variant of the Breplibot trojan makes use of the way Sony's rootkit masks files whose filenames begin with '$sys$'. This means that any files renamed this way by the trojan are effectively invisible to the average user. The malware is distributed via an email supposedly from a reputable business magazing requesting that the businessperson verify his/her attached 'picture' to be used for an upcoming issue. Once the payload is executed, the trojan then installs an IRC backdoor on affected Windows systems."
It's just a rumor, but Sony should have some Engineering and Executive positions open in 3....2....1...
I reccomend voting with our wallets, and not purchasing Sony/BMG products. Also see here
Also here is the company that created the DRM technology.
You might want to add a couple of more zeros to the settlement check you are thinking about
Irregardless of the existence of government, the natural rights of an individual cannot be given away (you can't sell yourself into slavery, you can't tell a higher power that it's ok to kill you). One such right is the right to private property, closed to others' prying eyes or presence.
One great force behind this right is that past acts bear no allowances for future acts. If I let you into my house yesterday, you have no right to be here today. I may contractually allow you to come and go as you please, but I have to willfully sign the contract with witnesses noting the act.
Sony's DRM uses government force (through copyright provisions) to settle its legality. They say that by using their property, you have to permanently give up your natural right to private property (free speech Statists wrongfully call it Right to Privacy). Sony is wrong.
By violating numerous natural rights, Sony has opened itself to a demand for restitution. I wholeheartedly believe that corporate protections are wrong, as is copyright. My solution? Go after Sony through the shareholders directly (they own the business and allowed the breach of a basic human right). Demand restitution for the trojan if you receive it.
Imagine if you buy a Saab and Saab has an agreement stating "If you turn the car on, you allow two Saab employees to ride in your trunk and search your house for proof you might install a non-Saab oil filter." You've signed nothing. The two Saab employees open your house door, take up residence and leave the door wide open. Two typical pro-copyright arguments: You're not allowed to install non-Saab oil filters or how else would Saab make money? Why would they design cars?
This is the problem with copyright. Instead of individuals protecting proprietary information of value (books, music, etc) and producing it in the best way over anyone else (live shows, subscriptions to new music, etc), they say "copy us and government will use force against you."
It's all wrong. Don't publicly say anything valuable to you. Don't think you can come in my home because you did once before. Don't think you can rape me because a note in your pocket says you're allowed to, and I let you in without checking your pockets.
Early reports indicate the IRC backdoor is used by the propagator of the virus to bombard you with random chat messages from #windowshelp. So far the most common phrases appearing are "how do i reformat" and "how do i download the internet?"
My 3D Texturing Skinning work (under construction)
Since there was some confusion about how you can tell if this rootkit is installed, remember that it hides files beginning with '$sys$' -
1) If you're not using windows, you're fine.
2) Create a file on your desktop ('test.txt' should be fine). Rename the file to '$sys$test.txt'.
If the file is gone, you're vulnerable.
Video for Online Dating Profiles
I hear the trojan witter is also using an unusual distribution method. Ricky Martin CDs.
Can anyone explain if this rootkit prompts for a password when installing (during the autorun, I presume)
As an OS X user, I'd find it slightly odd that my music CD is prompting me for an administrative password.
But to stay on topic, I'm sure this is but one of the many exploits that will be based on this rootkit.
Does anyone have a comprehensive list of CDs that install it, and is it true that Sony has been using it since April?
If you don't know what AltaVista is (was), get off my lawn.
Seriously i wish some Sony officials got what Worldcomm's Ebbers got: 25 years for entering into another property without permission, vandalism, etc. The less privileged have got far worse sentences for lesser crimes all along
And more so, Sony should replace EVERY affected computer with a brand new Vaio.
"Doing what i can, with what i have." ~ Burt Gummer
I don't know if they are selling these DRM encrusted music discs in the UK, but if they are, each and every one of them will be breaching the 1990 Computer Misuse Act, and in a way that the act does cover - namely it alters the system without your approval or knowledge. What is doubly sad is that the software was written by a British company. Still, makes it easier to sue them.
Secondly, does this rootkit install even if you are logged in as a normal Windows user, not Administrator? That suggests a security hole in Windows. However I suspect the issue is Windows making users Administrator by default, which is a really dumb system, security wise.
It wouldn't be right if the day went by without a Sony Rootkit story on Slashdot. Seriously, I can't get enough of this story, it's what Slashdot was invented for.
That would be a crime in itself...
Disappearing Rootkit Malware
"And more so, Sony should replace EVERY affected computer with a brand new Vaio"
I'd prefer the cash alternative.
My other processor is big-endian.
"And more so, Sony should replace EVERY affected computer with a brand new Vaio." Upon the annoucement of this, Sony sees record sales of its DRM'd CDs.
Sony just loves everyone $sys$anally. They are the greatest company ever when it comes to technology $sys$that $sys$sucks. Everyone is gonna love $sys$to $sys$hate Sony, and they will $sys$not buy any Sony product that they see. It's because Sony loves $sys$to $sys$fuck $sys$with their customers.
so does this at all put sony in hotwater with microsoft legally? perhaps this rootkit, trojan email or not, violates the windows eula.
If someone creates a worm that exploits a negligent design flaw in Sony's DRM or Microsoft Windows, then couldn't the affected sue Sony or Microsoft? This would include non-users of these products whose internet usage was disrupted. And as someone who does NOT use DRMed Sony CDs or Microsoft Windows, I have NOT agreed to these company's EULAs with all their legalese of limited liability. Thus non-users may have more rights to sue than users of these products.
IANAL. Any thoughts?
Two wrongs don't make a right, but three lefts do.
Here's the Slashdot crowd's chance to get the phrase invented by a Slashdotter out in the public eye. It's important that the public learn that DRM is a bad thing, and this is simply one way to tell them plainly how it is bad. DRM breaks their computer, or makes their life more difficult.
j html?articleID=173601122
"Infected with DRM"
Sony's rootkit has also been linked to Windows crashes, which isn't surprising to me. Most spyware causes instability in Windows because it is poorly written and designed to break parts of Windows to protect itself from removal. Sony writes, "This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."
The incongruence of their words, is not startling to me, as they are playing a PR game to hide the fact that they messed up people's computers, and made them vulnerable to an attack that hasn't gained popularity yet, but now surely will. Virus writers will be able to easily hide their virus files using programs like Sony's cloaking DRM. Sony is lying that their cloaking DRM does not compromise security of an infected computer.
http://www.informationweek.com/story/showArticle.
Saskboy's blog is good. 9 out of 10 dentists agree.
El Reg says that Sony UK says they are not selling them in the UK.
What I say does not represent the views of my employers, my friends, my cats, or myself.
I know i should be shocked and offended by retarded attemps at DRM lock-in by Sony... but i can't.
I'm loving this. I just can't wait to see what happens when antivirus/spyware vendors decide to consider the Sony rootkit as an attack vector and remove it accordingly... will it show up as "Sony.CDcopyprotection.malware"? "F4I.XCP.Aurora"? How about the information about it? Will we see legal battles between antivirus vendors and Sony? Class action lawsuits from consumers? I'm already preparing some popcorn for the event!
Sony President Defends Rootkit
The President of Sony BMG's Global Digital Business, Thomas Hesse, defends Sony's installation of a rootkit by declaring, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"
Source
"What is the answer?" (Silence) "In that case, what is the question?" --Gertrude Stein
Yes, but, what OS's other than Microsoft products allow surf-by and auto-mount driver installs that diddle low level file system api's? Why is no one angry at Microsft about this Sony fiasco?
I'm thinking that outside of users that habitually surf and/or listen to music as root, that Linux and OS X users should be just a wee bit safer than the casual Windows user.
Sure, Linux can be rooted. Now, your homework assignment is to go burn me a disk with music on it that will root my Linux box merely by being inserted, and won't let me listen to the music until my box has been rooted. I like classical.
I'm still waiting for a worm that uses the Sony rootkit to hide itself, spreads to many computers, and then DDoS sony.com. They'd have a hard time knowing what press release to put out if that ever happened.
The sales manager at the company I work for recently received a variant of this worm, and after finding that the attachment "didn't do anything" forwarded it on to me to find out why. I extracted the attachment and analysed it in IDA and discovered that it connected to one of two IRC servers and joined a specific channel.
.. suddenly they all quit and the room was empty except for me and the op.
.. I felt quite akin to him in many ways.
So posing as the trojan I logged onto the IRC channel. I idled there for a while watching the channel op send commands to the connected bots, and decided to have a go myself. The channel was +m but I could PRIVMSG the bots, and a bit more work in IDA revealed the command set - which contained an unload command. So I scripted my irc client to send a msg to every non-op in the channel with the command
"OH SHIT" he typed. He was more shocked than anything, and then more curious than angry. We ended up having a rather long and interesting conversation about our respective jobs. He told about his bot network, what he uses them for (in the UK it's for harvesting email addresses, apparently), the ££ he gets for it - it's a full time job for him - and who writes most of the bot software (his partner.) He was no stereotypical teenage script kiddie either, more a computer professional turned to the 'dark side' of IT
All in all, it was fascinating. (Btw, our firewall blocked the trojan from connecting to IRC and it was fairly easily to remove from the sales manager's laptop)
IF antivirus vendors do start removing the sony rootkit, won't that qualify as circumvention of a copyright device and put them in clear violation of the DMCA? This just keeps getting better and better.
There is not nearly enough love in the world, but there is far too much trust.
California is *not* filing a class-action suit. A private lawyer is filing a suit on behalf of a number of California residents, but the state is not involved with it. Apparently both the submitter of the earlier Sony story and approving "editor" failed to actually read the article that was submitted.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
The following year, all traces of this were removed in the next version and, afaik, it has never returned. I, for one, however, haven't bought their product since and don't plan to ever buy from them again.
I guess Sony just wasn't paying attention.
That list of CDs can't be right. Those albums are all over the P2Ps. That's exactly what the rootkit is supposed to prevent from happening!
Furthermore, in most (if not all) countries, "land ownership" does NOT include mineral rights (which are arguably a significant part of the land) and can often be overruled or dismissed by the Government should they decide they can make better use of the land (5th Amenndment in the USA includes this provision, I believe). As such, it is not really ownership and can - at best - be called borrowing from the State.
There are countries in which private ownership of any kind simply isn't recognized at all. Everything is communal. Such societies don't seem to be any less rights-respecting than any other. Indeed, the USA - which has more codified rights than almost any other country - has one of the worst records of any country for actually honoring what is codified. Indeed, not only is it not honored, even when the courts rule against it, the US Government doesn't always respect those decisions. (The Sioux won in the Supreme Court to have the Black Hills revert to them - that was something like 40 or 50 years ago and the US Government is still refusing to honor the ruling.) Even when it does respect them, it has the power to replace any judge that rules against them (as threatened by DeLay over the Terri Schaivo case) which does damage any semblance of independence or impartiality.
I do believe there are Natural Rights. I believe there is a Natural Right for any individual to be seen for oneself, that there is a Natural Right for any individual to improve their quality of life, that there is a Natural Right for any individual to hold to any beliefs they so choose, that there is a Natural Right for any individual or group to privacy and that there is a Natural Right for any individual or group to maximise potential and minimise harm.
Most of these are what Republicans and Libertarians would consider obnoxiously socialist. The only way to maximise potential is to maximise the flow of information and to guarantee the practicalities of learning that information in a manner that is useful and usable. In other words, maximal quality education and minimal restraint on learning. In practice, if you're from a poor family in a poor area in the US, the only way to learn is to be good at sports or be in the military. Oh, and be male. Poor females in the US are left to rot, regardless. The only way to be good at sports in the US seems to be to take dangerous (and eventually lethal) drugs. Brain damage and other sporting injuries are pretty common. The US military is routinely accused of fraudulant claims in recruitment efforts, violent abuse (sometimes lethal) against recruits and persecution of non-Christians. Rape of females in the US military also appears to be a common complaint - and rarely investigated.
Rights - Natural or otherwise - are only meaningful if enforcable. This is one reason the original version of the Magna Carta stipulated the right to seize (by force, if necessary) judicially-awarded compensation or enforce judicially-awarded rulings against the Government (in that case, the king). In other words, nobody - absolutely nobody - was above the law, and nobody could use executive priviledges to abuse the law or anything else. Name me one country that has such a provision today. (No, the US impeachment procedure doesn't count. The current Congress wouldn't impeach Bush if he was caught red-handed in an act of treason, and the population at large has no impeachment rights. The UK's vote of no co
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
So far, I haven't seen any mention on the mainstream news about this. Maybe because it's too technical, but I think it's because CNN is a company of Time-Warner, and Time-Warner and Sony are fellow MPAA (and/or RIAA?) members. They (CNN) are great about covering the fluff. Count on them to down-play the stuff that hurts their business sleaze.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
"So how do you put a corporation in jail?"
Revoke their import/export licenses.
Stop the trading of their securities.
Lots of other ways. You need all kinds of permissions to do big business. Those permissions can be withdrawn.