Do not put Sony Music CDs in your editor's drive at DVinfo.net

George Ellis · November 1st, 2005, 06:52 AM

Mark Russinovich recently discovered that Sony's content protected CDs will install, without warning, a rootkit on your PC. Rootkits hide themselves, prevent detection, and in some way, alter the usage of your computer. You can read more about it At the Registry and at Mark's discussion linked from The Registry here

The rootkit will alter how the CD drivers work and could possibly limit your ability to write files to disc. Trying to uninstall the kit can cause some components to be disabled. The potential exists that you could possibly lose the ability to create content that is in no way related to any Sony materials and there are no major telltales on why that has happened.

Mark Russinovich is one of the leading OS internals folks around (He and David Solomon are the kings). Mark also notes that besides underhanded, the app is very poorly written. :p

Marco Wagner · November 1st, 2005, 01:24 PM

I had this issue and had to wipe my entire machine to byte zeros in order to remove it, DIE SONY!

Dan Euritt · November 1st, 2005, 06:40 PM

nice post! i wonder if proper virus/spybot type of monitoring software would stop this from installing?

Marco Wagner · November 1st, 2005, 06:53 PM

I think it would if you trained it. Maybe to look for rootkit extensions or something along those lines.

Marco Leavitt · November 1st, 2005, 08:15 PM

There's gotta be a lawsuit in this.

George Ellis · November 2nd, 2005, 04:42 AM

Quote:

Originally Posted by Dan Euritt

nice post! i wonder if proper virus/spybot type of monitoring software would stop this from installing?

At the moment, no. Cisco Security Agent may, but that is not an over-the-counter solution.

James Llewellyn · November 5th, 2005, 02:02 AM

Quote:

Originally Posted by Marco Leavitt

There's gotta be a lawsuit in this.

I was wondering the same thing.

Boyd Ostroff · November 5th, 2005, 09:29 AM

Here's some more info on this issue...

http://news.yahoo.com/news?tmpl=stor...03/bs_nf/39083
http://biz.yahoo.com/ap/051102/sony_...tion.html?.v=5

Graham Risdon · November 5th, 2005, 11:53 AM

Hi all
Following the previous threads, it appears Sony have posted a fix at
http://cp.sonybmg.com/xcp/english/updates.html. Thought I'd post it up here to save people trawling! Pity Sony don't stick to producing cameras - they're quite good at that!!! ;-)

Marco Leavitt · November 10th, 2005, 05:59 PM

http://www.breitbart.com/news/2005/11/10/D8DPSA288.html

I hope they bleed Sony good over this.

Boyd Ostroff · November 10th, 2005, 06:08 PM

http://seattletimes.nwsource.com/htm...38_paul07.html

Quote:

Hardly a week goes by that I don't hear from a friend or colleague with a monumental Windows problem. I tell them I'm glad to help, on one condition: Next time they buy a computer, they agree to consider a Macintosh. A year ago, after a particularly trying week of spyware, adware, viral attacks, lock-ups and reboots, I changed my primary computer to a Mac.

November 11th, 2005, 02:35 PM

I appreciated your warning on this. This article just came up on the home page for my email. I'm not sure if it's the cause of the problem you mentioned above or not, but good news to prevent this from happening in the future if it is. To bad all of the old CD's willl still remain in circulation though -

"Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers."

From what I read in your post above the hacking was not the concern in this forum, but the "antipiracy technology" may have been affiliated with the "root kit" you mentioned above.

http://news.yahoo.com/s/ap/20051111/...opy_protection

George Ellis · November 14th, 2005, 06:39 AM

Quote:

Originally Posted by Graham Risdon

Hi all
Following the previous threads, it appears Sony have posted a fix at
http://cp.sonybmg.com/xcp/english/updates.html. Thought I'd post it up here to save people trawling! Pity Sony don't stick to producing cameras - they're quite good at that!!! ;-)

This is actually not a fix. It is not an uninstall. It just exposes the materials in the rootkit.

As of last week, there is now an exploit in the wild that will take advantage of the rootkit and use it to hide its operation. As of last week, both Symantec and Microsoft had included the signature for the kit in their anti-virus/anti-spyware tools. I do not know if that includes innoculation or uninstall. Because the rootkit add low and high filters (sub-classes the CD - a special driver that intercepts any calls to and from the CD device), and those directories in the registry can vary, they may not have included an uninstall yet.

Edit - added link http://www.cnn.com/2005/TECH/interne...eut/index.html

Boyd Ostroff · November 14th, 2005, 04:06 PM

http://biz.yahoo.com/fool/051114/113199454317.html?.v=2

Quote:

Increasingly, music companies like Sony's Sony BMG arm are treating their customers like criminals who borrowed rather than purchased their products. Meanwhile, look out, this newest development points to the ways that the recording industry is going on the offensive -- it appears that the industry has moved on from tackling peer-to-peer networks to attack what they call "casual piracy"

Jack Zhang · November 16th, 2005, 08:51 PM

The affected CDs (according to the meda) are to be returned for a Copy-protectionless copy of the disc. Guess the people who did get the virus in their computer would have to reinstall everything and format the Hard drive!

November 1st, 2005, 06:52 AM	#1
George Ellis Trustee Join Date: Feb 2004 Location: Suwanee, GA Posts: 1,241	Do not put Sony Music CDs in your editor's drive Mark Russinovich recently discovered that Sony's content protected CDs will install, without warning, a rootkit on your PC. Rootkits hide themselves, prevent detection, and in some way, alter the usage of your computer. You can read more about it At the Registry and at Mark's discussion linked from The Registry here The rootkit will alter how the CD drivers work and could possibly limit your ability to write files to disc. Trying to uninstall the kit can cause some components to be disabled. The potential exists that you could possibly lose the ability to create content that is in no way related to any Sony materials and there are no major telltales on why that has happened. Mark Russinovich is one of the leading OS internals folks around (He and David Solomon are the kings). Mark also notes that besides underhanded, the app is very poorly written. :p

November 1st, 2005, 01:24 PM	#2
Marco Wagner Trustee Join Date: May 2005 Location: Saint Cloud, Florida Posts: 1,043	I had this issue and had to wipe my entire machine to byte zeros in order to remove it, DIE SONY! __________________ www.facebook.com/projectspecto

November 1st, 2005, 06:53 PM	#4
Marco Wagner Trustee Join Date: May 2005 Location: Saint Cloud, Florida Posts: 1,043	I think it would if you trained it. Maybe to look for rootkit extensions or something along those lines. __________________ www.facebook.com/projectspecto

November 5th, 2005, 11:53 AM	#9
Graham Risdon Regular Crew Join Date: Jul 2005 Location: Wiltshire, UK Posts: 192	Sony have posted a fix Hi all Following the previous threads, it appears Sony have posted a fix at http://cp.sonybmg.com/xcp/english/updates.html. Thought I'd post it up here to save people trawling! Pity Sony don't stick to producing cameras - they're quite good at that!!! ;-)

November 10th, 2005, 05:59 PM	#10
Marco Leavitt Inner Circle Join Date: Jul 2002 Location: Albany, NY 12210 Posts: 2,652	And the lawsuits start ... http://www.breitbart.com/news/2005/11/10/D8DPSA288.html I hope they bleed Sony good over this.

November 1st, 2005, 06:40 PM	#3
Dan Euritt Trustee Join Date: Mar 2004 Location: Carlsbad CA Posts: 1,132	nice post! i wonder if proper virus/spybot type of monitoring software would stop this from installing?

November 1st, 2005, 08:15 PM	#5
Marco Leavitt Inner Circle Join Date: Jul 2002 Location: Albany, NY 12210 Posts: 2,652	There's gotta be a lawsuit in this.

November 5th, 2005, 09:29 AM	#8
Boyd Ostroff Wrangler Join Date: Dec 2002 Location: Mays Landing, NJ Posts: 11,787	Here's some more info on this issue... http://news.yahoo.com/news?tmpl=stor...03/bs_nf/39083 http://biz.yahoo.com/ap/051102/sony_...tion.html?.v=5

November 11th, 2005, 02:35 PM	#12
Guest Posts: n/a	I appreciated your warning on this. This article just came up on the home page for my email. I'm not sure if it's the cause of the problem you mentioned above or not, but good news to prevent this from happening in the future if it is. To bad all of the old CD's willl still remain in circulation though - "Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers." From what I read in your post above the hacking was not the concern in this forum, but the "antipiracy technology" may have been affiliated with the "root kit" you mentioned above. http://news.yahoo.com/s/ap/20051111/...opy_protection

November 16th, 2005, 08:51 PM	#15
Jack Zhang Inner Circle Join Date: May 2005 Location: Burnaby, BC, Canada Posts: 3,053	CDs to be recalled. The affected CDs (according to the meda) are to be returned for a Copy-protectionless copy of the disc. Guess the people who did get the virus in their computer would have to reinstall everything and format the Hard drive!