p2p news / p2pnet: Sony BMG is now using rootkit-based DRM on some CDs sold in the US.

A rootkit is a set of tools developed to crack a computer system. Normally, malware authors who want to stay hidden use it but, “As far as we know, this system has been in use since March 2005,” says F-Secure research director Mikko Hypponen on the company blog.

“We’ve made some test purchases for Sony BMG records from Amazon.com and can confirm that they contained this technology.”

Hypponen says when a CD is slotted into a Windows-based PC, a license agreement is displayed, “and then it will seem install a song player software”.

However, what’s really happening is a rootkit is being planted in the system and, “there’s no direct way to uninstall it,” says Hypponen.

“The system is implemented in a way that makes it possible for viruses (or any other malicious program) to use the rootkit to hide themselves too.

“This may lead to a situation where the virus remains undetected even if the user has got updated antivirus software installed.”

F-Secure has published a technical description on the Sony BMG rootkit, with details on how to distinguish hidden items belonging to the DRM system from potentially harmful malware, it says,adding that F-Secure has a free BlackLight ‘Scan for Rootkits’ in beta.

You can download it here but, “If you find this rootkit from your system, we recommend you don’t remove it with our products,” warns Hypponen.

The Sony BMG rootkit DRM system is implemented as a filter driver for the CD drive and, “just blindly removing it might result in an inaccessible CD drive letter, he says. Rather, contact Sony BMG directly to find out how to remove the plant.

“We’ve test driven this and they will provide you with tools to do this,” promises Hypponen.

REVISED @ 8:53AM Pacific:

If you want more - a lot more - on this, “The entire experience was frustrating and irritating,” concludes Mark Russinovich on Mark’s Sysinternals blog.

“Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

“While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.”

As Henry Skoglund posted in a comment, “I predict that maybe the next time you’re purchasing a music CD with similar DRM software on it, you’ll never open the package, instead downloading the MP3 files for that album through (illegal) P2P file sharing.

“For some strange reason all DRM software is missing in those P2P downloads, leaving you with just the music to enjoy… :-)”

(Thanks, Nicholas)

Stay tuned.

Something you think we should know? tips[at]p2pnet.net

See:-
blog - The “Sony rootkit” case, November 1, 2005
Mark’s Sysinternals blog - Sony, Rootkits and Digital Rights Management Gone Too Far, October 31, 2005

This entry was posted on Tuesday, November 1st, 2005 at 3:31 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 8688 times