Sony cds embedded stealth rootkit

EricBess

Guest
mythosx - Not having a Sony disk, I can't say for sure, but I'm guessing that when you put a Sony disk into a computer, it tells you it is going to install some software and asks you to okay various things. Chances are at that point, a message pops up that you are about to install something that is changing configurations, but since you are in the process of installing something from a reputable source, you click "continue".

I could be wrong. It's possible that the Sony stuff simply installs itself using the autorun of the CD player, but more often than not, they want to put up a disclaimer, especially when doing something like this. Chances are, buried in their disclaimer is a blurb that they are not liable for any harm to your computer resulting in the installation of their software...

As Spiderman said, the software they themselves install is benign, but it sets up a situation where less reputable sources can sneak code onto your machine that is incredibly difficult to detect, but would have been easy to detect had the software on the Sony disks not been installed.
 

Oversoul

The Tentacled One
EricBess said:
As Spiderman said, the software they themselves install is benign, but it sets up a situation where less reputable sources can sneak code onto your machine that is incredibly difficult to detect, but would have been easy to detect had the software on the Sony disks not been installed.
Normally I don't get a disclaimer popping up when I put a music CD in my computer. I'd be suspicious if something like that did happen...
 
Apollo

Guest
And it in itself doesn't open up your computer, it just "cloaks" the files by naming them so traditional spyware couldn't find them. Once this was posted on the finder's blog, hackers used that same naming convention for their own works. Anyone could have done it - it's just that Sony got there first and the hackers followed.
Spidey--I'm not sure if I'm reading what you said correctly, but I don't think that's right. The rootkit masks all files whose name begins with a certain string of characters. This lets hackers name their files with that string of characters so your anti-virus software won't catch it.

So it's not true that anyone could have done it--if not for Sony's rootkit, the hackers wouldn't have had the opening.

At least, that's how I'm reading things. If that's what you were saying all along, then forgive me. ;)
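
A toy model of the masking described in the post above, added here as an illustration and not part of any post in the thread. The prefix `$cloak$`, the file names and the function names are all constructed for the example. It shows that a filter keyed only on the file name hides a third party's file as readily as the original software's, and that comparing an unfiltered listing with the filtered one exposes both.

```python
# Toy model of name-prefix cloaking. Nothing here touches a real filesystem.
CLOAK_PREFIX = "$cloak$"  # hypothetical prefix, constructed for this example

# Constructed sample directory: (file name, who put it there).
RAW_DIRECTORY = [
    ("notes.txt", "user"),
    ("$cloak$player.exe", "cd-software"),
    ("$cloak$dropper.exe", "third-party"),
    ("report$cloak$.doc", "user"),  # string present, but not at the start
]

def filtered_view(raw, prefix=CLOAK_PREFIX):
    """Names visible to any tool that lists files through the cloak.
    The filter checks only the name, never who created the file."""
    return [name for name, _ in raw if not name.startswith(prefix)]

def scan(visible_names, bad_names):
    """Stand-in for a scanner: it can only flag names it is shown."""
    return sorted(n for n in visible_names if n in bad_names)

def cross_view_hidden(raw, visible_names):
    """Defender's check: compare an unfiltered listing with the filtered one.
    Anything in the first but not the second is being hidden."""
    seen = set(visible_names)
    return [(name, owner) for name, owner in raw if name not in seen]

if __name__ == "__main__":
    visible = filtered_view(RAW_DIRECTORY)
    print("visible:", visible)
    print("scanner flags:", scan(visible, {"$cloak$dropper.exe"}))
    for name, owner in cross_view_hidden(RAW_DIRECTORY, visible):
        print("hidden:", name, "from", owner)
```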
 
sageridder

Guest
Right, just a music CD you think is just playing and the program installs. And The Fiery Bird Boy is correct as well, that's why it's such a problem. In addition to that as much as Houts is the mad Leet guy he claims to be. The truth is it took programmers far beyond the level of this board to even find the problem and they are saying (at least at the time of my first interest in this subject) that the program cannot be removed without major problems even with the best of removal programs or techniques.
 

Spiderman

Administrator
Staff member
Apollo: Ah, I didn't interpret that the Sony rootkit itself was responsible for hiding the masked strings; I thought the masked strings were already hidden from the system and Sony just took advantage of that to use the rootkit to install its files to mess up the CD player.

In other words, before the Sony case came to light, anything still beginning with the $ sign was hidden from the system.

So if that wasn't the case and Sony's rootkit was responsible for introducing the $ mask, then I do agree that they are responsible for opening the door to hackers (although to be honest, it seems the hackers didn't even think of it as they only started to use the mask naming scheme after the whole thing was revealed).
 
EricBess

Guest
My understanding is that the Sony Rootkit modification introduced the $ mask.

And I personally have had CDs ask me to install software when I've put them into a computer CD player. Typically, it is because the artist has included a bonus track in mp3 format or some other such, and not because it was making any rootkit changes.
 
HOUTS

Guest
"In addition to that as much as Houts is the mad Leet guy he claims to be"

I didn't claim to be l337, merely 73chy. It's not hard to make an X-Box into your personal CPU, nor diverge a supposed Sony CD into components in order to "unmask" hidden gems.

I've not had any trouble. *shrug*

But I'm not sure what the conversation is about anyhow... I mean, Sony basically inserted a blocking program, quite typical, in order to protect their investments. This isn't, nor has been, a historic event. There have been others who have done it, and well before Sony.


"that the program cannot be removed without major problems even with the best of removal programs or techniques."

Not true. Sorry. *shrug* It's quite easy in fact. I don't know where you've been reading it, but maybe 10 years ago it was hard. Heh.

-HOUTS
 
sageridder

Guest
Well I guess I took this to mean you thought you were leet.
"However, those less 'able' will be forced to asking people like US to fix it."
Here's a source that seems to believe it's a little difficult to remove.

http://www.f-secure.com/v-descs/xcp_drm.shtml#detect

As far as not being a historic event, don't know, maybe not, but California and Texas have already filed lawsuits and it looks like New York may as well. Either way I'm not looking for a pissing contest over this; my point in starting this thread was just to inform anyone here of the issue that may not have already been.
 

Oversoul

The Tentacled One
EricBess said:
And I personally have had CDs ask me to install software when I've put them into a computer CD player. Typically, it is because the artist has included a bonus track in mp3 format or some other such, and not because it was making any rootkit changes.
So maybe my lack of experiencing this is because I haven't played any CDs in my computer recently and this practice is relatively new?
 

Spiderman

Administrator
Staff member
It must be... I've played CDs that are about 5 years old without any problems or notification windows popping up.
 