Quote:
Hackers Exploit Secret Copy Protections Found on Sony CDs
By Jay Wrolstad
November 10, 2005 4:15PM
"Sony's intentions were honorable," said Graham Cluley, senior technology consultant at Sophos. "They wanted to stop music piracy and protect their artists, but they did this in a bad way and provided an opening for malware writers."
The can of worms opened by Sony's surreptitious installation of copyright-protection technology on its music CDs keeps getting bigger. Security specialist Sophos reported Thursday that malware writers have wasted little time in creating a Trojan horse that exploits a vulnerability in the software to enable the hijacking of users' computers.
The Troj/Stinx-E Trojan horse has been spammed out to e-mail addresses, Sophos reported, posing as a message from a British business magazine. The message reads: "Hello, Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We have attached the photo with the article here."
If the attached program is run, the Trojan horse copies itself to a file called $sys$drv.exe in the user's PC. Any file with $sys$ in its name is automatically cloaked by Sony's copy-protection code, making it invisible on computers used to play CDs that carry Sony's copy-protection application.
Only a Matter of Time
"Using the rootkit vulnerability in these CDs, the Trojan becomes invisible to users and can then turn off the firewall and take control of the Windows PC," said Graham Cluley, senior technology consultant at Sophos. "We predicted that this might happen, because after the rootkit was uncovered, that let hackers launch an attack without writing their own code," he added.
Cluley said Sophos will deliver a tool to detect the presence of Sony's digital-rights management (DRM) technology on a computer, disable it, and prevent the copyright-protection software from reinstalling.
"Sony's intentions were honorable," he said. "They wanted to stop music piracy and protect their artists, but they did this in a bad way and provided an opening for malware writers." Sophos worked with Sony and First4Internet, the company that developed the DRM application, to create the fix, he said.
Sony Draws Fire
The Trojan's appearance follows on the heels of widespread outrage over the Sony rootkit. A class-action lawsuit has been filed in California and plans are underway to file a similar case in New York. Calls to boycott Sony BMG music also are circulating.
In using First4Internet's XCP rootkit, Sony is accused of borrowing a technique that hackers and spyware distributors use to hide their activities. The software is designed to limit the user's ability to copy a CD's content, but also could create security vulnerabilities, including the ability to monitor a user's PC and send information back to Sony via the installation of a media player.
In response, Sony has issued a patch that makes the software opaque. There are some 20 CD titles that contain the software in question. Cluley said that about 20 million affected discs have been sold by the company to date.
"Maybe people who want this music would be better off buying the songs online," he said.
Source: http://www.cio-today.com/story.xhtml?story_id=39322
Their so-called Sony anti-pirate ID was nice and all, but it is weakening your system security. Keep your antivirus programs and anti-adware/spyware up to date.
Man, I would love to fire those Sony people for trying out that rootkit to use in their fight on piracy. That was off limits; now others who were not scared should be now.
Don't play any Sony music CD on your computer system at home or at your workplace. If you do play it at your workplace, be ready to get fired from your job. An employer or company will not stand for it at all.
If you work for me and I find out you're the one who played it on the company computer, you are gone.
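Added example, not part of the quoted article or the post above: a canary check for the cloaking behaviour the article describes, where any file with $sys$ in its name disappears from view. It assumes the cloak filters directory listings while direct access by full path still works; the function name, canary file names and the injectable `list_names` parameter are hypothetical.

```python
import os
import tempfile

CLOAK_MARKER = "$sys$"  # name fragment the article says gets hidden


def check_cloaking(directory, list_names=os.listdir):
    """Create two canary files, one with the marker in its name and one
    without, and compare direct path lookup against directory enumeration.

    Returns "cloaked", "clean" or "inconclusive". list_names is injectable
    so the logic can be exercised against a simulated filter (assumption).
    """
    results, created = {}, []
    try:
        for label, prefix in (("control", "canary_"),
                              ("marked", CLOAK_MARKER + "canary_")):
            fd, path = tempfile.mkstemp(prefix=prefix, suffix=".tmp",
                                        dir=directory)
            os.close(fd)
            created.append(path)
            results[label] = {
                # Lookup by full path does not rely on enumeration.
                "exists": os.path.exists(path),
                # Enumeration is where a name-based cloak would filter.
                "listed": os.path.basename(path) in list_names(directory),
            }
    finally:
        for path in created:
            os.remove(path)

    control, marked = results["control"], results["marked"]
    # If the ordinary file is missing too, the listing itself is unreliable.
    if not (control["exists"] and control["listed"]):
        return "inconclusive"
    # Present on disk but absent from the listing: names are being filtered.
    if marked["exists"] and not marked["listed"]:
        return "cloaked"
    return "clean"


if __name__ == "__main__":
    print(check_cloaking(tempfile.gettempdir()))
```

A "cloaked" result means something on the machine is filtering file names, so a scan that depends on directory listings cannot be trusted there until the hiding component is removed.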