Virus writers have begun taking advantage of Sony-BMG’s use of rootkit technology in DRM software bundled with its music CDs.

Sony-BMG’s rootkit DRM technology masks files whose filenames start with “$sys$”. A newly discovered variant of the Breplibot Trojan takes advantage of this to drop the file “$sys$drv.exe” in the Windows system directory.

“This means that, for systems infected by the Sony rootkit, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit,” warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro.

The malware arrives attached in an email, which pretends to come from a reputable business magazine, asking the businessman to verify his/her “picture” to be used for the December issue. If the malicious payload contained in this email is executed then the Trojan installs an IRC backdoor on affected Windows systems.
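An added example, not part of the original post or of any vendor's tool: a cross-view comparison, the general approach rootkit scanners use to expose hidden files. It assumes two file listings of the same volume, one taken on the running system and one taken from clean boot media; both listings below are constructed sample data, and all paths other than the `$sys$drv.exe` name are hypothetical.

```python
import ntpath

CLOAK_PREFIX = "$sys$"  # name prefix the post says the rootkit hides

def normalize(path):
    # Windows paths are case-insensitive: fold case and separators.
    return ntpath.normpath(path.strip()).lower()

def cross_view_diff(online_listing, offline_listing):
    """Files present in the offline (trusted) view but absent online.

    Returns sorted (path, reason) tuples. reason is 'cloak-prefix' when the
    file name starts with $sys$, else 'hidden-other' (hidden by other means).
    """
    online = {normalize(p) for p in online_listing if p.strip()}
    findings = set()
    for raw in offline_listing:
        if not raw.strip():
            continue
        path = normalize(raw)
        if path in online:
            continue  # visible in both views, nothing is hiding it
        name = ntpath.basename(path)
        reason = "cloak-prefix" if name.startswith(CLOAK_PREFIX) else "hidden-other"
        findings.add((path, reason))
    return sorted(findings)

# Constructed sample listings (not real captures).
ONLINE = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\notepad.exe",
    r"c:\windows\SYSTEM32\drivers\etc\hosts",
]
OFFLINE = ONLINE[:2] + [
    r"C:\WINDOWS\system32\drivers\etc\hosts",
    r"C:\WINDOWS\system32\$sys$drv.exe",               # name from the post
    r"C:\WINDOWS\system32\drivers\example_hidden.sys",  # hypothetical
]

if __name__ == "__main__":
    for path, reason in cross_view_diff(ONLINE, OFFLINE):
        print(f"{reason:13} {path}")
```

Files created or deleted between the two snapshots also show up as differences, so take both listings as close together as practical.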


Sony has clarified its response to the DRM question:

The President of Sony BMG’s global digital business division Thomas Hesse has weighed into the storm…

“Most people, I think, don’t even know what a rootkit is, so why should they care about it?” he huffed.

I think we can take that as: “No responsibility at all.”

Sounds like a class action suit to me.

Update: At least 3 lawsuits were filed in California, today.

Update, Friday, 11 November: Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the “XCP” technology as a precautionary measure. “We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use,” the company said in a statement.

Crap!



  1. Ima Fish says:

    Didn’t Sony call this root-kit benign?! Maybe now they’ll come clean, offer a REAL uninstall option that isn’t buried and difficult to get and use, apologize for its errors, pull the current stock, and give refunds for the ones sold.

    See “Sony: You don’t reeeeaaaally want to uninstall, do you?” to learn how difficult Sony is making it to actually uninstall the root-kit!

    http://www.sysinternals.com/Blog/

  2. Jon says:

    Good, more evidence for the lawsuit. I heard there is a class action lawsuit in California already.

  3. Is it possible for Sony to have any less respect for their customers?

  4. garym says:

    It was only a matter of time.
    I think it’s funny how Corporate America can say “That type of activity is illegal!” if someone else does it but say “But, we’re only protecting our assets” if they do it.

    G

  5. Ima Fish says:

    Frey, for several years created portable music players that did NOT use MP3.

    The current PSP does NOT use Divx.

    Oh, yeah, and Sony pushed forward with Beta even though the rest of the world wanted more recording time with VHS.

    If you want to buy a firewire cable from Sony for your DV camera, expect to pay 50 bucks. Expect to pay only a few dollars from newegg.

    People talk about the evil of Microsoft, but as far as I’m concerned, Sony is in a league of its own.

  6. Bill says:

    Sony execs are (at best) incredibly short sighted. There should be a HUGE backlash for this irresponsible behavior. I hope that more exploits appear and that Sony gets their collective asses sued off. Okay… that may be wishful thinking but we need to get their attention and that may be the only way to get it.

    The underlying issue is that Sony wants our money but they don’t respect their customers. They are so anal about ‘protecting’ their property they won’t acknowledge that when we buy something from them we are entitled to some rights too. I require a CD or DVD I purchase to be used on any equipment I own any time I like. I do agree that I am not entitled to sell or give away copies. But, Sony is not allowed to spy on me or make other products I own vulnerable to some creep on the internet either.

  7. Pat says:

    Brady,

    I think the short answer is maybe. Actually, it seems to be just a continuation of Sony’s actions for the last several decades.

    Think BETA VCRs.

    Think BLUE RAY DVDs.

    and to top it off, I refer you (and everyone else) to a column by Brian Krebs in today’s Washington Post

    http://blogs.washingtonpost.com/securityfix/2005/11/sony_exec_warne.html

  8. gquaglia says:

    This will be the case that will make more of us take a long hard look at DRM in general and refuse to buy into it. Only then, when the money starts drying up and the CEOs can’t afford that 3rd house at the shore, will something be done. Unfortunately we will see more of this nonsense before it gets any better.

  9. Ascii King says:

    The CEO won’t notice it except through the news. Who but the geeks even know about this problem or understand why it’s a problem? Also, am I wrong in thinking that since this Sony rootkit is a security measure, it would be illegal for Microsoft to create a patch to block it?

  10. Ballenger says:

    I hate to see a company with good intentions subjected to undeserved criticism and bad press. But since this is Sony, no problem… Maybe 150,000 users suing Sony in small claims courts for negligence in implementing their copy protection, would get their attention. Class action efforts would only result in Sony sending victims of their rootkit screw up a buck-fifty and a mouse pad.

    There is some satisfaction (but not nearly enough) in knowing that they have likely rootkited their own systems, given that their employees (hopefully including the executive who OK’ed this lame brain plan) have likely popped a few of these “protected” disks into Sony owned machines. And that those same folks will be e-mailed by lots of angry customers with various bugs on their PCs.

  11. Ima Fish says:

    “Who but the geeks even know about this problem or understand why it’s a problem?”

    I’ve overheard quite a few non-tech people talking about it while at work. It was on the front page of my local paper.

  12. Awake says:

    Microsoft should become involved (with Sony’s permission due to DRM), and issue a ‘patch’ of some kind that checks/fixes this problem during the next Windows ‘auto-update’. And Sony should just shut up and accept that their DRM sucks, it should be cancelled, and they should just abandon this copy protection scheme, as if it never existed, leaving their CD’s unprotected as 99% of the CD’s are in the first place.
    These RootKit issues are both an OS and a malware issue… the OS should keep them from happening, so Microsoft should be in the loop in this case.
    Oh, BTW… who buys music CD’s anymore? The whole issue will be non-existent in a couple of years because the whole music CD industry will no longer exist.

  13. gquaglia says:

    “And Sony should just shut up and accept that their DRM sucks”

    Not likely, Sony’s honchos have already chimed in on this like it’s no big deal (Most people, I think, don’t even know what a rootkit is, so why should they care about it?) Sure they’ve issued some half-ass patch to appease those who complain, but in a few months, most will have forgotten about this and Sony will be business as usual, DRM and all.

  14. Miguel Lopes says:

    I gotta tell ya, if this damned rootkit gets in any of my company’s PCs I will make a lot of noise within the company’s Global IT so that some sort of protest, or even legal action, goes against Sony! IT departments all over the world are overworked and understaffed, and I’m not about to forbid people listening to their own CDs on their work PCs!

  15. Don says:

    Wow! Here’s an issue that seems to have united everybody on this board. I guess Sony should get some credit there. But then let’s get on with a boycott. Screw Sony and everything they produce, not just the CDs in question. Samsung is the new Sony anyway. I think Alice Hill said that.

  16. Pilot Mike says:

    This is going to do serious damage to the RIAA’s Christmas List of new laws in congress. They want to outlaw analog recording.

    *Urg* Nah.

    Maybe it’ll just raise the price to get the laws passed.

  17. Mike T says:

    I can only hope that there is no cap on the damages that can be awarded in this case. It’s one thing for a company to let in viruses due to buggy code (think Microsoft) and then make a good faith effort to get it fixed. It is quite another to do this intentionally.

    Further, if this does allow in a virus, they should be prosecuted in criminal court using the same telco and electronic communication laws that apply to hackers.

    Mike T

  18. garym says:

    Miguel, you raise an excellent point. On my network I have restricted users to Power User mode only. If they insert one of Sony’s discs that has DRM enabled, will the music play if DRM can’t be installed?
    If not, most users (not just mine) will complain to the IT department that it is something WE did, not realizing that it is something Sony did.

    If this turns up on any of my systems, I will report it up the chain to Department of Interior. Let’s see Sony tell the Federal Government that this rootkit is a non issue.

    Gary Martinez

  19. Lewis Perdue says:

    Trojans!

    Damn, I thought this was a post about the USC football team!

    Okay, mod this as a funny troll.

  20. Mark Lyon says:

    At least two class action lawsuits have been filed on behalf of Sony BMG Music Entertainment customers who were infected with the First 4 Internet Rootkit. Users who were infected do not have to wait for a class action to make its way through the courts, they can sue on their own in Small Claims Court.

    For more information about the Sony BMG lawsuits, and about filing a lawsuit in your local Small Claims Court, visit SonySuit.com.

