Sony Music is selling copy protected music CDs that install a poorly written rootkit on your computer. There DRM (DIgital Restrictions Management) software keeps you from making unauthorized copies of your CD, and eats up computer system’s resources, making it run slow and crash. You can’t play the CD on your computer without installing their software, and the software is the rootkit. Rootkits are bad, they’re security bypassing software, usually to let others take control of your computer, and stay hidden while doing so. The insidious thing about this root kit is it’s shit simple for any one to write an exploit to use it as the basis for their own worm/virus/trojan/spyware/spam tool, and own that would be invisible to security software or scanners you might have running (if you have any sense, that is) from Battino’s O’Reilly Blog:
Just few days ago I wrote a rootkit that acts as a DRM system. I was thinking I could demonstrate that the [European] law will protect malware, too, which is obviously unintended. But to see the same techniques are used in an actual DRM scheme already being deployed, I’m shocked.
Thanks Sony! Now when I write my worm, all I have to do is name it “$sys$” and it’ll be “auto-cloaked” on systems you’ve compromised.
My scan tools will trip over this as an altered system call. Meaning much more work for me, much more work for the systems administrator, and much pain for everyone all the way around in the longer run.
(Earlier in this post the author wonders how Microsoft will react. So do I. If they don’t come down hard on Sony, who’s gonna believe their “Trusted Computing” BS. But they spend so much time sucking up to them…does anyone know why a company with more money in the bank then the entire entertainment industry combined is so scared of it?)
The Malware/worms/virii shitstorm from people who didn’t know about the rootkit and loaded these CDs on their computers will take years to eradicate. Sony will probably get off scot free, and dump their surplus inventory on the third world to cripple their nascent infrastructure…
The geeky meat of how this was discovered is here.
If you’ve already loaded one of these CDs, either hire your local geek to disinfect, or backup and reload Windows. Try and get a refund on your CD-good luck there, most place will not take a return unless it’s scratched. But that’s not all you should do.
Do Not Buy Sony Music on CD. Do not play their CDs on your computer. Hell, let’s boycott all Sony products and teach them a lesson. Because if we don’t, this will keep happening, and it will keep getting worse, with ever more corrupt software wedging your computer, and slowing the net to a crawl.
Unless your among the supposed majority of people on this planet who believe that Companies and Rich People may do what they want (y’know who you are, you voted for Bush and Blair). In which case just bend over and spread it like the good sheep you are.
Again from Battino’s blog post:
The odd thing is, this must have been happening for some time. This shows just how poorly we’re protected by virus scanners.
It’s ironic that Sony, the ones who brought us Fair Use in video [by defeating the Betamax lawsuit] are as draconian as they are now.
(with thanks to the Reel Jeff for the heads up, and the quote.)