SONY BMG fights back with malware

With us being old-school metalheads, we likely don't have to worry about this. I know I didn't buy any cds from the Sony label. They consist mostly of pop, country, and rap. BUT, just in case, you all should be aware of the following:

Sony CD Copy Protection Relies On Hacker Rootkit

By Gregg Keizer, TechWeb News

Security researchers have identified a rootkit -- software used by hackers to hide their malicious code from anti-virus and anti-spyware defenses -- within the copy protection scheme Sony BMG Music Entertainment uses to prevent music CDs from being copied to computers.
The digital rights management (DRM) technology that Sony BMG uses limits the number of times a CD can be "ripped" to a computer. To prevent the DRM software from being easily circumvented, the copy protection's creator -- a U.K.-based company called First4Internet -- uses a rootkit to hide the DRM's files.

An independent researcher, Mark Russinovich, and the Helsinki-based F-Secure security firm, published details almost simultaneously on the DRM technology Sony BMG uses, and that technology's application of a rootkit.

Both stressed that rootkits are most commonly used by malicious code writers -- hackers -- and the use of it by a legitimate company such as Sony was alarming, they warned.

"Once the rootkit is there, there's no direct way to uninstall it," said Mikko Hyppönen, F-Secure's chief research officer, in an online brief. "The system is implemented in a way that makes it possible for viruses (or any other malicious program) to use the rootkit to hide themselves, too. This may lead to a situation where the virus remains undetected even if the user has got updated antivirus software installed."

Russinovich, who stumbled across the rootkit after a long investigation that involved a number of advanced PC forensic tools, agreed. "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall."

In fact, when Russinovich tried to uninstall the DRM software, all he got for his trouble was a dead CD drive.

"Most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," he said.

Removing the rootkit is so fraught with possibilities of calamity that F-Secure recommended users don't try it themselves. Instead, Hyppönen urged users to fill out a Sony BMG Web form and ask for instructions on how to remove the software. F-Secure has tested the resulting removal process -- which relies on the installation of an Internet Explorer ActiveX control -- and has confirmed it works.

According to one anti-spyware expert, Sony has no excuse for leaning on a rootkit to copy protect its content.

"Rootkits are always malicious," said Richard Stiennon, director of threat research for the Boulder, Colo.-based anti-spyware vendor Webroot. "There's no legitimate use of a rootkit, whose only purpose is to hide code from the operating system." Stiennon is intimately familiar with rootkits, since they're often used by spyware writers to disguise some of their nastier work, like password keyloggers.
 
Alarming indeed, providing it's true and not just a scary tale to prevent pirates from copying.
In any case I wonder what would happen with a stand-alone copier.

P.S. Is not Judas Priest with Sony again?
 
Oh, it's true Wyv, it's all over the news. Hackers are already discovering ways of hiding viruses in their rootkit. First thing I did was check my Judas Priest, and it's on EPIC, a division of Columbia. Whew.

If you Google "sony rootkit" you'll see a ton of stuff about this. This is ONE HUGE BLUNDER on their part. Greedy assholes.

This will backfire on them, big time. Now, anyone who wants a cd on the Sony BMG label is going to be much more inclined to go download it for free rather than pay $20 for the privilege of getting malware installed on your computer.
 
I thought Priest's latest was under Sony, Ozzy is under Sony. I read what the article said, though not sure I completely understand.

Is this a warning not to copy sony cd's or you'll get a virus? I have several cd's that say there is 'anti-theft' software in them. Me not knowing a damn thing about computers...I just never copied it.
 
Trans-Siberian Outcast said:
First thing I did was check my Judas Priest, and it's on EPIC, a division of Columbia. Whew.

Here's a list of Sony's labels (Columbia is one of them):
BMG Heritage
BMG International Companies
Columbia Records
Epic Records
J Records
Jive Records
LaFace Records
Legacy Recordings
Provident Music Group
RCA Records
RCA Victor Group
RLG - Nashville
Sony Classical
Sony Music International
Sony Music Nashville
Sony Wonder
Sony Urban Music
So So Def Records
Verity Records

Trans-Siberian Outcast said:
If you Google "sony rootkit" you'll see a ton of stuff about this. This is ONE HUGE BLUNDER on their part. Greedy assholes.

This will backfire on them, big time. Now, anyone who wants a cd on the Sony BMG label is going to be much more inclined to go download it for free rather than pay $20 for the privilege of getting malware installed on your computer.

Not only was it a crappy thing to do it still didn't prevent copying or ripping the disc. The record companies continue to do things to keep the honest consumers honest. They haven't yet figured out that for everything they come up with the pirates will counter. They continue to blame piracy for slumping sales when it just might be the fact that consumers are tired of paying $15-$20 for one or two quality songs per album. And, given the opportunity, will legally download and pay for those one or two songs.
 
Trans-Siberian Outcast said:
This will backfire on them, big time. Now, anyone who wants a cd on the Sony BMG label is going to be much more inclined to go download it for free rather than pay $20 for the privilege of getting malware installed on your computer.

It will backfire more because of the price than because of malware, after all supposedly you play a CD on a sound system not a computer, then again I always play a CD while navigating the Net even if I seldom rip albums and/or copy them.
 
kittybeast said:
Is this a warning not to copy sony cd's or you'll get a virus? I have several cd's that say there is 'anti-theft' software in them. Me not knowing a damn thing about computers...I just never copied it.

It is a hidden program that they install on your computer when you put the disc in. It doesn't actually prevent copying, because it's viable that a consumer may want to create a back-up copy of the disc. What it does is LIMIT THE NUMBER OF TIMES you can copy it. The problem is with the hidden code they hide on your computer. It allows hackers to use what's already there to attack your computer easily.

I guess I'd better run that patch just in case since I've got that Priest disc. I didn't know Columbia was a division of Sony. And my computer IS MY STEREO, so anything like this pisses me off...that they'd compromise the machine I MAKE A LIVING ON just to keep their pockets stuffed a little tighter.

And like Wheezer says, it's really preposterous, this approach. The people who are buying the cds aren't their problem. It's the people downloading them for free! They're barking up the wrong fucking tree.
 
By the way, on the ever so talked about topic about mp3s: have you all heard that in Canada they place taxes or additional fees on blank CDs and tapes so the profit from it goes to record companies? It's a pretty good system because even people who just download songs even contribute a bit. I am not sure if they have this in the States though.