Sony DRM malware

[Tabby_Cat]

HOLY BLEEP!!! IT PHONES HOME!!!

:mad:

Sony Rootkit Phones Home

strider44 writes "Mark from Sysinternals has digged a little deeper into the Sony DRM and discovered it Phones Home with an ID for the CD being listened to. XCP Support claims that “The player has a standard rotating banner that connects the user to additional content (e.g. provides a link to the artist web site). The player simply looks online to see if another banner is available for rotation. The communication is one-way in that a banner is simply retrieved from the server if available. No information is ever fed back or collected about the consumer or their activities.”

Yeah, right. Like I trust you XCP malware writers. (someone come up with a better derogratory term? Please?)

[Revtim]

casdave:

I wonder about the outrage expressed, given that iPod software makes itself the default digital player on your computer, and it will not let you use anything else.

I have come across those who even removed it, but still can’t use winamp, seems to me that maybe Apple has some way of getting its hooks deep into your registry.

Why is there no outrage about this ?

I don’t have an iPod, but I’ve used iTunes occasionally, even bought an album from it, and I’ve had no problems not using it as my media player (and using Winamp). On two different computers.

I suppose there’s no outrage because the situation you describe is rare, whereas the DRM gets installed on the majority of computers of those who put that CD in their computer.

Hopefully enough people will turn off autorun on their drives so that the DRM affects as few or fewer people.

Here’s that URL again everybody:
http://www.annoyances.org/exec/show/article03-018
Seriously, everybody needs to send this link to everybody they know who might play CDs in their PCs. Once autorun is out of the picture, all these DRM malwares are almost rendered inert (they can still be loaded manually unfortunately, and it’s easy to do so accidentally) Since they still have to make the discs play in standard CD players, it will be extremely difficult for them to prevent a non-autorunning PC from treating the disc like a standard old-style non-DRM CD.

[rayh]

And now for the good news. Sony BMG are facing at least three law suits over this, possibly more.

Symantec says it has tools which can find the files but not remove them.
Comperter Associates says it will be releasing a tool to uninstall the XCP files.
Kaspersky Labs nas branded the XCP program spyware because it hides itself, could compromise security and can slow machines down.

Full story here.

[Dante]

Just in case there aren’t enough links in this thread, here’s the Inquirer’s excellent article about it. Gets a little bit into the EULA as well.

NOTE: Inquirer (tech website), not The Enquirer (gossip rag).

[Duke_of_Rat]

And virus writers have developed a virus to exploit the Sony DRM malware…

http://blogs.washingtonpost.com/securityfix/2005/11/virus_writers_e.html

[Ponder_Stibbons]

Daaaaaaaaamn. I hope I haven’t accidentally put any Sony disks in my player lately. Fortunately the only CD’s I’ve bought lately has been old fart shit like Neil Young and Pink Floyd, so I’m hoping I’m OK.

Hmmm. But the CD drive itself is a Sony. You don’t suppose … ???

[Ponder_Stibbons]

BTW, great article Dante, I found it very informative.

[Steve_MB]

Sony offers a what the customer doesn’t know won’t hurt them defense.

[Nightsong]

You know, in some ways the timing on this couldn’t be better: I’m writing up a cyber ethics paper so I can finally get out of graduate school, and this is perfect for what I’m discussing.

That being said, though, Sony has definately gone way too far with their quest for the ‘perfect’ DRM. They haven’t thought about the impact to the consumer in a long time, except in terms of ‘how can we get even more money out of them’. :mad:

---

<< One cat leads to another. >>

[Tuckerfan]

Here come the lawyers! (Link also contains listing of tainted CDs. If you like Ricky Martin, I’d be worried.)

[E-Sabbath]

Just to make things more interesting…

First Trojan using Sony DRM spotted

There is now a trojan that takes advantage of the sony product. This should, if I remember my cybercrime laws, qualify them for proscecution in the United States. If anyone felt like taking Sony to criminal task. They are aiding and abetting felons.

[duffer]

Tuckerfan:

(Link also contains listing of tainted CDs. If you like Ricky Martin, I’d be worried.)

Sp would I. But I think this shit Sony is trying to pull is cause for concern as well.

[rayh]

More on the Sony virus.

The number of class action law suits against Sony is now up to six.

In response to the concerns, Sony has released a statement “deeply regretting any disruption that this may have caused.” It added that it would work with anti-virus firms to ensure its anti-piracy system stayed safe.

Stayed safe??? If this shit wasn’t on your machine, it wouldn’t have been compromised.

[Ponder_Stibbons]

Another article on this subject: http://www.nytimes.com/2005/11/09/technology/circuits/09POGUE-EMAIL.html

Apparently, according to this article, Sony has given up on the protection scheme for future CD’s, but still (of course) admits doing nothing wrong.

Sony Spokesman via NY Times:

It’s benign content protection. It’s not malware, it’s not spyware—it’s innocent. … When the issue arose, we addressed it very quickly.

[Bag_of_Mostly_Water]

It looks like Sony is now including something similar for MacOS X. The following was posted in today’s Macintouch. (No link. A link would only be valid for today.)

Darren Dittrich followed up on the discovery that Sony was playing a dirty trick on its customers, secretly installing a malware-style “root kit” on their computers via audio CDs:

I recently purchased Imogen Heap’s new CD (Speak for Yourself), an RCA Victor release, but with distribution credited to Sony/BMG. Reading recent reports of a Sony rootkit, I decided to poke around. In addition to the standard volume for AIFF files, there’s a smaller extra partition for “enhanced” content. I was surprised to find a “Start.app” Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.
Personally, I’m not a big fan of anyone installing kernel extensions on my Mac. In Sony’s defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology on their site.

This doesn’t seem as bad as what is done under Windows. If only these two files are installed, removing them would be very easy. Also, the installer on the CD does not auto run and you must type in an administrator password before anything is installed.

[Dag_Otto]

Dante:

Just in case there aren’t enough links in this thread, here’s the Inquirer’s excellent article about it. Gets a little bit into the EULA as well.

NOTE: Inquirer (tech website), not The Enquirer (gossip rag).

That site also has this story about how Sony might modify Playstation games to “ensure that no game would be playable from any console other than the one in which it was first read”. Nothing definite, but now I don’t doubt Sony would do try it.

[Sunspace]

A while back, there was an article in Wired, entitled “The Civil War Inside Sony”. It described how two major factions battled within Sony: the hardware developers, who wanted to create more and more hardware capable of doing more and more recording and playback, and the content mongers, who wanted to release their movies and music as restrictively as possible.

The conclusion of the article was that the unresolved civil war was leading Sony to create potentially-great products that were crippled by technically-unnecessary restrictions, and the company was suffering major sales losses as a result.

Looks like the Bad Side of the content mongers won the war.

[Ponder_Stibbons]

This just in on MSNBC: Sony halts music CDs with anti-piracy scheme

Stung by continuing criticism, … Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers.

[Ponder_Stibbons]

In a related article:

Bob Sullivan:

But the disclosure and the controversy have opened anew some basic questions: Whose PC is it?

I’ll tell you whose PC it is. It’s my fucking PC. And this whole episode has made me very leery of ever buying anything Sony ever again.

[duffer]

Dag Otto:

That site also has this story about how Sony might modify Playstation games to “ensure that no game would be playable from any console other than the one in which it was first read”. Nothing definite, but now I don’t doubt Sony would do try it.

I’ll admit I haven’t read the article yet, but how exactly will this work in the arena of game rentals?