Sophos develops Sony DRM unmasking tool - Techist - Tech Forum

Osiris, 11-10-2005, 11:17 PM, #1

UK security firm Sophos plans to release a tool which will detect the existence of Sony's DRM copy-protection rootkit on Windows computers, disable it, and prevent it from re-installing.

The move follows the discovery of the first malware (a Trojan called Breplibot) that takes advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs to mask its presence on infected systems.

"Sophos is acting on customers' concern that the software on Sony's CDs is introducing a vulnerability which hackers and virus writers are able to exploit," explained Cluley. "We will give customers the ability to determine if their computers suffer from the vulnerability and remove it if necessary." The free download should be available today.

Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory. Once loaded in this way the malware will be invisible to anti-virus scanners. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the malware.

Sophos's tool will remove this cloaking behaviour but will not remove the software components installed by Sony-BMG, the deletion of which might cause system instability. But this very cloaking means it may not be obvious to users that they need the tool. Around 20 CDs from Sony-BMG which have shipped an estimated 2m copies around the world feature the controversial DRM technology, developed by UK security developer First4Internet. Sophos obtained advice from First4Internet in developing its tool.

We wanted to ask First4Internet and Sony-BMG what they intended to do to make sure their copy-protection technology wasn't abused by virus writers but neither returned our calls this afternoon.
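
An added example, not part of the original post or of any vendor's tool: a cross-view comparison, the general approach for spotting files cloaked the way the article describes, which reports anything present in a raw on-disk listing but missing from the Windows API listing. The two listings, the function names and the sample paths are constructed for illustration (the raw listing is assumed to come from reading the volume offline); the `$sys$` prefix and `$sys$drv.exe` come from the article.

```python
import ntpath

# NTFS metadata files in the volume root are hidden from the Win32 API by
# design, so they must not be reported as rootkit activity.
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}
CLOAK_PREFIX = "$sys$"  # filename prefix the article says the DRM rootkit masks


def _key(path):
    # Windows paths are case-insensitive; normalise case and separators.
    return ntpath.normcase(ntpath.normpath(path))


def is_ntfs_metadata(path):
    _drive, rest = ntpath.splitdrive(_key(path))
    parent, name = ntpath.split(rest)
    return parent == "\\" and name in NTFS_METADATA


def cross_view_diff(api_view, raw_view):
    """Return (path, reason) for entries on disk that the API does not list."""
    visible = {_key(p) for p in api_view}
    findings = []
    for path in raw_view:
        if _key(path) in visible or is_ntfs_metadata(path):
            continue
        name = ntpath.basename(path).lower()
        reason = "cloaked-prefix" if name.startswith(CLOAK_PREFIX) else "hidden-from-api"
        findings.append((path, reason))
    return sorted(findings, key=lambda f: _key(f[0]))


# Constructed sample listings (not captured from a real system).
API_VIEW = [r"C:\WINDOWS\system32\notepad.exe",
            r"C:\WINDOWS\system32\kernel32.dll"]
RAW_VIEW = [r"C:\$MFT",
            r"c:\windows\System32\NOTEPAD.EXE",
            r"C:\WINDOWS\system32\kernel32.dll",
            r"C:\WINDOWS\system32\$sys$drv.exe",
            r"C:\WINDOWS\system32\oddfile.sys"]

if __name__ == "__main__":
    for path, reason in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{reason:16} {path}")
```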

Osiris, 11-12-2005, 12:00 PM, #2

Sony BMG has said it will suspend production of audio 'CDs' that use the rootkit-style DRM developed by British company First4Internet Ltd, XCP. However the music giant refused to apologize for the software, which exposes PCs to malware and can disable CD playing functions.

Sony also declined to follow EMI's example in September and recall CDs already in the retail channels.

Around 20 CDs use XCP, which has been on the market since April. (The EFF has a list, here).

But since a security website drew attention to implications of XCP last week, Sony has been deluged with complaints, and prompted lawsuits in California and Italy.

"We are aware that a computer virus is circulating that may affect computers with XCP content protection software," Sony said in a statement. "Nonetheless, as a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use."

Sony may rue the wave of consumer outrage, and the subsequent lawsuits. But it may also note that the scandal took more than six months to surface.

And it isn't exactly rushing to make amends. The unfortunately worded phrase "ease of consumer use" reminds us that while the stealth DRM software installs itself without permission (the click-through statement fails to inform the user of its true nature), uninstalling it requires the CD buyer to request permission from Sony via a web form. So it's hard to take Sony BMG's assurances seriously.

Osiris, 11-15-2005, 06:39 AM, #3

So how many CDs actually contain XCP, Sony BMG's notorious DRM consumer assault weapon? And which ones?

Sony says that only 20 titles, which it refuses to name, contain the XCP virus - software which attacks music piracy by attacking your PC. But is it being economic with the actualité?

Reg reader Geoffrey McCaleb has found no fewer than 47 titles containing Sony's DRM rootkit. They are spread across several sub-labels owned by Sony-BMG, so it looks like a little finessing is going on.

Geoffrey has posted the list of rootkit-infected titles he's uncovered so far in his blog.

Sony BMG's woes continued yesterday with Microsoft's decision that the DRM software contained on infected CDs counted as "malicious software under the rules it uses to define what Windows should be protected against", the BBC reports.

Sony has suspended production of CDs incorporating XCP copy protection, but the PR nightmare continues: class action lawsuits in California mean the record giant will be cleaning this oil slick for months to come.

RicoDirenzo, 11-17-2005, 12:12 PM, #4

From Fox News:

The last line in the story says it all!! It's about the class action law suit!! Their EULA makes no mention of the Root Kit!! They set themselves up for this. Arrogant bunch of jackasses, be they (Yodaesse)!!!

Sony BMG Recalling Hidden-Software Music CDs
Wednesday, November 16, 2005

• Sony BMG 'Rootkit' on 500,000 Systems, Expert Says
• Microsoft Treating Sony BMG Rootkit as Malicious Software
• Experts: Sony BMG Rootkit 'Fix' Only Makes Things Worse
• Sony BMG Suspends Making 'Rootkit' CDs
• Euro Group: Music Consumers' Rights Being Abused
• Microsoft 'Concerned' by Sony DRM
• First Sony BMG 'Rootkit' Virus Reported
• Sony BMG Sued Over 'Rootkit' on CDs
• Sony BMG Releasing Rootkit-Revealing Patch
• Sony BMG Hacking Into CD Buyers' Computers

AMSTERDAM — Record company Sony BMG, yielding to consumer concern, said on Wednesday it was recalling music CDs containing copy-protection software that acts like virus software and hides deep inside a computer.

"We share the concerns of consumers regarding discs with XCP content-protected software, and, for this reason, we are instituting a consumer exchange programme and removing all unsold CDs with this software from retail outlets," Sony BMG said in a statement.

The XCP software used by Sony BMG, which was developed by British software developers First4Internet, leaves the back door open for malicious online hackers.

Sony BMG, in a separate statement, also announced it would distribute a program to remove the software from a PC where it jeopardizes security.

"We deeply regret any inconvenience this may cause our customers. Details of this [recall] program will be announced shortly," Sony BMG said.

The withdrawal is set to affect millions of compact discs from artists such as Celine Dion and Sarah McLachlan, but Sony did not give exact figures or the names of the artists affected.

Sony reiterated that the copy-protection software only installs itself on personal computers and not on ordinary CD and DVD players.

Microsoft Corp.'s (MSFT) anti-virus team said on Tuesday it would add a detection and removal mechanism to rid a personal computer of Sony's DRM copy-protection software. The software installs itself only on PCs running Microsoft's Windows operating system.

The flaws of the copy-protection software became acute last week, when the first computer viruses emerged that took advantage of the security holes left by the program.

Responding to public outcry over the software, the music publishing venture of Japanese electronics conglomerate Sony Corp. (SNE) and Germany's Bertelsmann AG had said on Friday it would temporarily suspend the manufacture of music CDs containing XCP technology.

It then provided a patch to make the hidden program more visible. At the time it did not recall the CDs or offer a program to remove it from computers. The initial measures still left PCs vulnerable, according to software engineers.

The program will have installed itself on a Windows-operated personal computer when consumers wanted to play certain Sony BMG music CDs. The program forces consumers to use a music player that comes with the program.

Sony BMG has positioned itself as a defender of artists' rights. It re-emphasized on Friday that copy-protection software is "an important tool to protect our intellectual property rights and those of our artists."

Sony BMG last week was targeted in a class-action lawsuit complaining that it had not disclosed the true nature of its copy-protection software.

EricB, 11-17-2005, 11:58 PM, #5

They (Sony) were on the news today blaming third-party people for implementing the software. They claimed that they didn't know that it was there.

horndude, 11-18-2005, 12:02 AM, #6

part of the code used was GPL also, allegedly from one of dvdjohn's projects
