JMD1961 MusicFan
Joined: 29 March 2005 Location: United States
Online Status: Offline Posts: 185
Posted: 11 November 2005 at 2:38pm
My company's IE department sent out the following this afternoon, and I thought I'd pass it along to everyone here.
This summer, Sony BMG began copy-protecting its music CDs using various methods to attempt to prevent illegal copying. Recently, it has been discovered that one such protection method installs proprietary software, contained on the protected CD, on any Windows PC on which the CD is played. Moreover, this software is regarded by many as a Windows rootkit since it installs itself without user knowledge (other than a statement within the End User License Agreement about proprietary software), intercepts certain system calls, etc. Worse, the software also hides all of its files, registry changes, etc., from the Windows API using a dangerously unsophisticated technique. As described by Symantec (see http://securityresponse.symantec.com/avcenter/venc/data/securityrisk.aries.html ), "...First4DRM is a rootkit that hides any processes, files, folders, or registry subkeys that start with the following string: $sys$...."
Why Should We Care?
The first problem is that once installed, this software requires special tools for removal in order to prevent system problems; if removed incorrectly, the Windows OS may have to be re-installed to restore CD drive functionality. The worst problem, however, is that malicious software can be written to hide files using Sony's previously installed copy-protection software; in fact, on 10 November, Romanian anti-virus firm BitDefender stated that it had discovered software that installs a backdoor Trojan on PCs that have Sony's protection software installed ( http://news.bitdefender.com/NW193-en--First-Trojan-Using-Sony-DRM-Detected.html ). As stated on BitDefender's website, "...A new Trojan which uses the cover provided by the Sony DRM component to hide has been detected by BitDefender Labs at 12.15 PM GMT today and is in the wild. This is the first ever observed instance of malware using the Sony DRM rootkit detected and analysed by Mark Russinovich.
The Trojan apparently installs an IRC backdoor on the affected system and may have other functions...."
While this new Trojan does not currently appear to be a viable threat, there is little doubt that other, more threatening, malicious software will follow in its path.
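Added example, not part of the original post or the quoted advisory: a cross-view check that compares a file listing taken through the live Windows API with a listing of the same volume taken offline, and separates entries cloaked by the `$sys$` prefix from entries missing for some other reason. The two listings, all paths in them, the function names, and the case-insensitive prefix match are assumptions made for illustration.

```python
"""Cross-view check for names cloaked by a "$sys$" prefix filter (added example)."""
from pathlib import PureWindowsPath

# Prefix quoted from the Symantec description in the post.
HIDDEN_PREFIX = "$sys$"


def cloaked_component(path):
    """Return the first path component starting with the prefix, else None.

    Matching is case-insensitive (an assumption, chosen so the check errs
    toward flagging). A prefix elsewhere in a name does not count.
    """
    for part in PureWindowsPath(path).parts:
        if part.lower().startswith(HIDDEN_PREFIX):
            return part
    return None


def cross_view_diff(api_view, offline_view):
    """Compare the live API listing with an offline listing of the same volume.

    Returns (cloaked, unexplained): paths absent from the API view that carry
    the prefix, and paths absent for a reason the prefix does not explain.
    Anything in `cloaked` needs review: the filter hides every name with the
    prefix, regardless of which program created it.
    """
    seen = {p.lower() for p in api_view}  # Windows paths are case-insensitive
    cloaked, unexplained = [], []
    for path in offline_view:
        if path.lower() in seen:
            continue
        (cloaked if cloaked_component(path) else unexplained).append(path)
    return sorted(cloaked), sorted(unexplained)


# Constructed sample listings (not taken from a real system).
API_VIEW = [
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Users\alice\Music\track01.wma",
]
OFFLINE_VIEW = API_VIEW + [
    r"C:\Windows\System32\$sys$example\driver.sys",  # folder carries the prefix
    r"C:\Users\alice\AppData\$sys$unknown.exe",      # file carries the prefix
    r"C:\Users\alice\notes.txt",                     # missing, but not via prefix
]

if __name__ == "__main__":
    cloaked, unexplained = cross_view_diff(API_VIEW, OFFLINE_VIEW)
    print("cloaked by prefix:", *cloaked, sep="\n  ")
    print("missing for another reason:", *unexplained, sep="\n  ")
```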