Did Sony Infect Your Computer?
I'm sure many of you have heard about the much-maligned Digital Rights Management scheme employed by Sony and its subsidiaries to prevent people from copying their CDs. Technical takes on the schemes by Mark Russinovich can be found up at the Sysinternals webpage here and here. To summarize for any non-technical folks:
When you throw the CD in your (Windows) computer's CD drive, a bit of software is installed - called a "rootkit". A rootkit is software that works deep in the bowels of Windows and hides itself. There's no evidence that it's running unless you use special software designed to find rootkits. What the software does in this case is to enforce copyright law by making sure you aren't able to copy the contents of the disc or rather, from what I've read, the copy you make will be distorted and unlistenable.
The problem begins with the fact that Sony never informs the user that a rootkit will be installed, so, in essence, it is modifying your computer without your permission. While, from all accounts, the Sony rootkit is benign, there are now reports of malicious computer viruses spreading that take advantage of the Sony DRM rootkit to infect your computer:
Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory.
"This means, that for systems infected by the Sony DRM rootkit technology, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit," warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro.
The malware arrives attached in an email, which pretends to come from a reputable business magazine, asking the businessman to verify his/her "picture" to be used for the December issue. If the malicious payload contained in this email is executed then the Trojan installs an IRC backdoor on affected Windows systems.
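A harmless way to check a machine for the "$sys$" masking described above, added here as an example and not part of the original post or the quoted article: it creates a throwaway file with that prefix and reports whether the directory listing omits it. The function names are hypothetical, and the check assumes a file can still be created under the masked prefix.

```python
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # filename prefix the quoted article says is masked


def cloak_active(directory, list_dir=os.listdir):
    """Create a probe file named with the masked prefix and report whether
    the directory listing omits it. True means listings are being filtered.
    list_dir is injectable so the check can be exercised against a
    simulated (constructed) filtered view."""
    name = CLOAK_PREFIX + "probe_" + os.urandom(4).hex() + ".txt"
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("harmless probe file\n")
    try:
        return name not in list_dir(directory)
    finally:
        os.remove(path)  # always clean up the probe


def cross_view_diff(api_view, raw_view):
    """Cross-view comparison in the style of a rootkit scanner: names present
    in a trusted view (for example, a listing taken from a clean boot disk)
    but absent from what the running system reports."""
    return sorted(set(raw_view) - set(api_view))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        state = "ACTIVE" if cloak_active(tmp) else "not detected"
        print("'$sys$' masking:", state)

    # Constructed sample listings, not taken from a real system.
    live = ["notepad.exe", "kernel32.dll"]
    offline = ["notepad.exe", "kernel32.dll", "$sys$drv.exe"]
    print("hidden from live view:", cross_view_diff(live, offline))
```

A result of "not detected" only means this particular masking is not filtering listings in the probed directory; it says nothing about other hiding techniques.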
If you want to remove the software your Sony CD installed, go to Sony's webpage. N.B. - once you uninstall the software, you will no longer be able to play the CD on your computer!
For a list of which CDs are infected with the Sony DRM rootkit, check out these lists at:
Slashdot
Electronic Frontier Foundation
Finally, please note that, as far as I've heard, this issue only affects Windows users. (See this story from a Mac user.)