Sony BMG DRM bug turns up
p2p news / p2pnet: "We wouldn’t like to say ‘we told you so’," posts F-Secure on its blog. "But unfortunately this is one of those times you just have to do it."
The company says it’s just analyzed Breplibot.b, the first malware application trying to hide on computers blemished with the Sony BMG rootkit DRM spyware.
F-Secure discovered the Sony BMG software close to the same time as Mark Russinovich at Sysinternals.
"Luckily, the bot has a design flaw," says F-Secure. "If the Sony DRM rootkit is active (hiding) in the system during infection, the bot will not run at all. Moreover, the bot cannot survive a reboot because of a programming error. In any case, this is a very good example of why software should not use rootkit hiding techniques."
Sony BMG is now being sued under two class actions.
See:
F-Secure – Bot trying to hide under Sony DRM, November 10, 2005
class actions – Sony BMG DRM class action, November 10, 2005






November 10th, 2005 at 10:01 pm
Buy Sony CD, install DRM, get computer infected with Breplibot.b, sue Sony, get very rich very quickly. Perfect for lazy sods.
November 10th, 2005 at 11:01 pm
I’ve put some Sony cd’s on my computer so wondering if anyone knows where to find a list of the CD’s that this Rootkit DRM was installed on or if a list is even available or at least how many titles are affected. It sounds like, from other posts it’s not a good idea installing the fix and some say it’s useless. But either way it would be nice to know if I have it on my machine. Thanks Rescue
November 10th, 2005 at 11:46 pm
Go to the Sysinternals site and get their rootkitrevealer app. It will tell you if your computer is infected (with any rootkit). If it’s in there I have no idea how to remove it, but you are right, Sony’s “patches” only make their malware visible, and from what I have read it is very likely to really hose up your system bad if you try to just delete the files once you can see them. Prolly won’t let you delete anyway as the malware runs at startup and can’t be shut down. Would it kill Sony to just release a REAL uninstaller, or better yet include one on their infected CDs? Once the app is gone (if you can even make that happen…) you can’t play or rip* the crippled CDs anymore so their precious DRM would still be intact. Why weather such a hailstorm of bad PR when a legitimate fix would be so easy. I don’t get it.
http://www.sysinternals.com/Utilities/RootkitRevealer.html
*Can you say, disable autorun? Hint, a rectangular object with the letters s, h, i, f, & t on it.
November 10th, 2005 at 11:57 pm
Haha, this is great. I hope dies a slow and painful death, preferably due to lawsuits
This is why everyone should boycott all Sony’s products, that and the fact that Sony is the most prominent force behind the MPAA/RIAA. They will stop at nothing to squeeze every last dollar/pound out of everyone that can, be it through lawsuits or overpriced, overhyped junk like blu-ray/PSP.
November 11th, 2005 at 2:32 am
http://slashdot.org/~xtracto/journal/121088
http://www.google.co.uk/search?q=sony+site:amazon.com+intitle:%22%5BCONTENT/COPY-PROTECTED+CD%5D%22&num=100
November 11th, 2005 at 2:34 am
most up-to-date list according to /.
http://slashdot.org/~xtracto/journal/121697
November 11th, 2005 at 8:47 am
Also, to see if you have the rootkit you can just create a file that starts with $sys$. If you have the rootkit, the file you just created should disappear from view.
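The check described in the comment above, written out as an added example that is not part of the original thread or any vendor's tool: it creates a file whose name starts with `$sys$` and reports whether directory enumeration still shows it, with an ordinary-named control file to rule out a directory that cannot be listed at all. The function names, the `lister` parameter and the simulated listing are assumptions of this example.

```python
import os
import tempfile
import uuid

CLOAK_PREFIX = "$sys$"  # prefix the comment above says the rootkit hides


def _create_and_look(directory, name, lister):
    """Create `name` in `directory`, report whether enumeration shows it."""
    path = os.path.join(directory, name)
    with open(path, "x") as handle:      # "x": never overwrite an existing file
        handle.write("cloaking canary\n")
    try:
        return name in lister(directory)
    finally:
        try:
            os.remove(path)              # delete by direct path, not via the listing
        except OSError:
            pass


def check_cloaking(directory=None, lister=os.listdir):
    """Return 'cloaked', 'clean' or 'inconclusive' for `directory`.

    `lister` (hypothetical parameter) lets a test substitute a filtered
    enumeration for the real os.listdir.
    """
    directory = directory or tempfile.gettempdir()
    token = uuid.uuid4().hex
    # Control: an ordinary name must be listed, or the test proves nothing.
    if not _create_and_look(directory, "control-" + token + ".txt", lister):
        return "inconclusive"
    # Canary: same kind of file, but with the prefix said to be hidden.
    if _create_and_look(directory, CLOAK_PREFIX + token + ".txt", lister):
        return "clean"
    return "cloaked"


def simulated_cloaked_listing(directory):
    """Constructed stand-in for a filtered enumeration (test use only)."""
    return [n for n in os.listdir(directory) if not n.startswith(CLOAK_PREFIX)]


if __name__ == "__main__":
    print(check_cloaking())
```

A "clean" result only says that this one name prefix is not being filtered from listings in that directory; it does not rule out other hiding software.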
November 11th, 2005 at 1:56 pm
I will never buy anything at all from SONY ever again.
Period.
November 11th, 2005 at 3:08 pm
It’s hard NOT to buy from Sony.
With blank CDs, DVDs, DDS, mini-discs, personal music players, video cameras, digital cameras, mobile phones, TVs, DVD players/recorders, computers, laptops and stupid dogs.
Most of these have legal as well as non legal uses (mostly non legal).
<pirate type of voice> AAaargh!! Sony lad, who put sand in the vaseline? </pirate type of voice>
November 11th, 2005 at 7:02 pm
Taken off http://www.pandasoftware.com
Simply use their free online Panda ActiveScan, which will detect and remove XCP altogether if you so desire, for free! As far as the US DMCA BS, Panda is located in Spain =) So much for it being illegal to tamper with DMCA. Only in the USA? Pity!
Anyway, any and all elected US officials that voted for the DMCA bill should burn in Hell! Americans should fight for their rights and freedoms, and not let low-life elected officials which are obviously on the payroll of the music industry, get away with murder! Hold THEM accountable at the next election! Since their primary goal is to get elected, and get rich, they will listen to the popular vote. Democracy in its full glory. (Do you notice a similarity between politicians and whores?)
————————————————————————-
Is my computer infected by XCP?
In order to make absolutely sure that XCP is present on your computer, you have the following options:
Carry out a full scan of your computer using Panda Antivirus, after checking that it is updated. If it isn’t and you are a registered Panda Software client, update it by clicking here.
Check the computer with Panda ActiveScan, Panda Software’s free, online scanner, which will quickly detect any possible viruses.
How to remove XCP?
In order to avoid the threat posed by XCP, you have the following options:
If Panda Antivirus or Panda ActiveScan detects XCP during the scan, it will automatically offer you the option of deleting it. Do this by following the program’s instructions.