
pog4
Premium Member
join:2004-06-03
Kihei, HI

1 edit

3 recommendations

pog4

Premium Member

Some earlier signs of Sony's rootkit...

Thought this might be of interest... all predate the recent furor:

»forum.zonelabs.org/zonel ··· 0#M12490
»www.spywarewarrior.com/v ··· ?t=16789
»answers.google.com/answe ··· d=543788
»castlecops.com/print-1-1 ··· 470.html (this one is quite interesting, from last August)
»groups.google.com/group/ ··· 5b1330a0
»groups.google.com/group/ ··· e2b30cf7

edit, one more: »club.cdfreaks.com/showth ··· t=151461

iam x
Sungazer
Premium Member
join:2005-02-23

iam x

Premium Member

...Wow...to think all the trouble and hassle the users went thru just to figure out what this crap was...

thanks for the links pog.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Blackbird to pog4

Premium Member

to pog4
This just gets uglier for Sony by the hour. Reading these, it's clear that the problem trail with this rootkit garbage goes back 3 months or more... as does the record of complaints being sent to Sony, all of which seem to have reported the same sort of problems. In a courtroom before a jury, in the hands of even a half-skilled tort lawyer, this is all going to look incredibly blatant, arrogant, and willfully negligent - which it is. Sony, can you spell "epic settlement losses"?
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to pog4

Premium Member

to pog4
I thought it very interesting that Symantec AV v10 detected this back in August according to a post in the castlecops thread

Sunny-jim
@61.8.x.x

Sunny-jim to pog4

Anon

to pog4
I sincerely hope that this lawsuit gets a Jury Trial, and that they are slapped with huge, huge fines and compensation to those affected, so Sony will never go down this road again.

SirSteve
Premium Member
join:2003-11-28
Woodbury, CT

SirSteve

Premium Member

...in the news at CNN

»www.cnn.com/2005/TECH/in ··· dex.html

Wayne DCS
Premium Member
join:2001-12-07
Australia

1 recommendation

Wayne DCS to pog4

Premium Member

to pog4
Mele20,
quote:
I thought it very interesting that Symantec AV v10 detected this back in August
... and ProcessGuard has been able to block this since its very first version TWO YEARS ago

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

1 recommendation

John2g

Premium Member

said by Wayne DCS:

Mele20,
quote:
I thought it very interesting that Symantec AV v10 detected this back in August
... and ProcessGuard has been able to block this since its very first version TWO YEARS ago
Spam
Mele20
Premium Member
join:2001-06-05
Hilo, HI

1 recommendation

Mele20 to Wayne DCS

Premium Member

to Wayne DCS
Ahh...so you are now positive? (You weren't yesterday in the PG forum at Wilders). So someone with PG had one of these CDs and was able to demonstrate PG blocking it? I figured it would but it is good to know for certain.

brydry
...it's meat-cake
join:2004-12-05
Clearwater, FL

brydry to SirSteve

Member

to SirSteve

Re: Some earlier signs of Sony's rootkit...

DSL_Steve:
This story started to make news on or about Nov. 2 after the SysInternals blog out on Oct. 30. I saw the story on BBC, USAToday, ABC websites. It's amazing to me that this story is over one full week old before CNN has anything to report. Must not have wanted to "offend" a major advertiser like Sony. That's the only explanation I can think of as to why CNN would sit and say nothing about this.

Sony, it is time to pay the piper...

ZOverLord
Premium Member
join:2003-10-20
Minneapolis, MN

1 edit

ZOverLord to pog4

Premium Member

to pog4
The only way to find out when this went into "The Wild" and maybe not first being Sony is to compel First4Internet to state "How Many Copies of This" and "to Whom" were sold and when.

Then at least there would be a list of companies that purchased this "Commercial Root-Kit" and then one would be able to try and find products it is embedded in.

Would they all be $sys$ or maybe some other pre-characters?

catseyenu
Ack Pfft
Premium Member
join:2001-11-17
Fix East

catseyenu to ZOverLord

Premium Member

to ZOverLord

Re: Some earlier signs of Sony's rootkit...

FWIW, a list of all known CD's.

All contain the Sony rootkit.

Trey Anastasio - Shine
Celine Dion - On ne Change Pas
Neil Diamond - 12 Songs
Our Lady Peace - Healthy in Paranoid Times
Chris Botti - To Love Again
Van Zant - Get Right with the Man
Switchfoot - Nothing is Sound
The Coral - The Invisible Invasion
Acceptance - Phantoms
Susie Suh - Susie Suh
Amerie - Touch
Life of Agony - Broken Valley
Horace Silver Quintet - Silver's Blue
Gerry Mulligan - Jeru
Dexter Gordon - Manhattan Symphonie
The Bad Plus - Suspicious Activity
The Dead 60s - The Dead 60s
Dion - The Essential Dion
Natasha Bedingfield - Unwritten
Ricky Martin - Life

TPB
@ev1servers.net

TPB to pog4

Anon

to pog4

Re: Some earlier signs of Sony's rootkit...

quote:
BOClean stops it dead in it's tracks
Well, I just tried this and it certainly did not stop it at all! Let alone dead in its tracks. Maybe I'm doing something wrong lol

None of the antitrojan scanners will stop the rootkit installing and none will let you remove the rootkit once it is installed

catseyenu
Ack Pfft
Premium Member
join:2001-11-17
Fix East

catseyenu

Premium Member

I'm calling bullshit.
Register and prove me wrong.

ZOverLord
Premium Member
join:2003-10-20
Minneapolis, MN

2 edits

ZOverLord to catseyenu

Premium Member

to catseyenu

Re: Some earlier signs of Sony's rootkit...

said by catseyenu:

FWIW, a list of all known CD's.

All contain the Sony rootkit.

Trey Anastasio - Shine
Celine Dion - On ne Change Pas
Neil Diamond - 12 Songs
Our Lady Peace - Healthy in Paranoid Times
Chris Botti - To Love Again
Van Zant - Get Right with the Man
Switchfoot - Nothing is Sound
The Coral - The Invisible Invasion
Acceptance - Phantoms
Susie Suh - Susie Suh
Amerie - Touch
Life of Agony - Broken Valley
Horace Silver Quintet - Silver's Blue
Gerry Mulligan - Jeru
Dexter Gordon - Manhattan Symphonie
The Bad Plus - Suspicious Activity
The Dead 60s - The Dead 60s
Dion - The Essential Dion
Natasha Bedingfield - Unwritten
Ricky Martin - Life
If this is the entire list from Sony, why is it they do not seem to post this as fact?

Also stated in Mark's Blog:

»www.sysinternals.com/blo ··· 56437146

Quote:

"Sony has many subsidiaries that are using the scheme as well. BMG, RCA, Arista, Epic, EMI to name a few. I'm sure there are more."

I mean this would be like "We have decided to temporarily STOP using Bouncing-Betty Land Mines, however for now, we do not feel it to be necessary to inform you of where the ones we have created are located".

These things don't go away, when you insert one of these CD's it's back!

Personally, I think it's a little late in the year to have an "Easter Egg Hunt"

catseyenu
Ack Pfft
Premium Member
join:2001-11-17
Fix East

catseyenu

Premium Member

I didn't say it was "Sony's" list.
For better clarity I should say it's all that I know of at this point.
Sorry if there was any confusion.

pog4
Premium Member
join:2004-06-03
Kihei, HI

pog4 to ZOverLord

Premium Member

to ZOverLord
said by ZOverLord:

...
Would they all be $sys$ or maybe some other pre-characters?
When I first went to look for older stuff on Google, I used "aries.sys" as the search term. Hits were somewhat limited but indicated "$sys$DRMServer.exe" as a good query to use, too. The annoying thing is that I remember "aries.sys" coming up during boot sometime in the last 6 months with a machine I worked on. I couldn't figure things out and just reimaged it.

The CDFreaks link I posted mentions:
How to identify: There will be a file called “VERSION.DAT” if this is opened with Note Pad it will say something like “VERSION=XCP2, Version 1.7”
However, I don't know if this is one of the files in the affected CD's data session or something to be found elsewhere.
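
Added example, not part of any post in this thread: a small offline triage script that looks for the three indicators named above ("aries.sys", names beginning with "$sys$", and a VERSION.DAT whose text starts "VERSION=XCP"). It assumes the tree being scanned is a CD data session or a drive mounted from another system, since a rootkit can hide entries from the OS it is running on; the sample tree and the "$sys$example" folder name are constructed for the demonstration.

```python
import os
import re

# Indicators are the ones quoted in the thread; sample names are constructed.
VERSION_RE = re.compile(rb"VERSION\s*=\s*XCP[^\r\n]*", re.IGNORECASE)


def xcp_version(path, limit=4096):
    """Return the 'VERSION=XCP...' line of a VERSION.DAT file, else None."""
    try:
        with open(path, "rb") as fh:
            match = VERSION_RE.search(fh.read(limit))
    except OSError:
        return None  # unreadable: no finding is reported for this file
    return match.group(0).decode("ascii", "replace").strip() if match else None


def scan_tree(root):
    """Return sorted (indicator, relative_path) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.startswith("$sys$"):
                findings.append(("sys-prefix", rel))
            if os.path.isfile(full):
                if lower == "aries.sys":
                    findings.append(("aries-driver", rel))
                elif lower == "version.dat" and xcp_version(full):
                    findings.append(("xcp-version", rel))
    return sorted(findings)


def build_sample(root):
    """Write a constructed tree: three kinds of hit and two near misses."""
    samples = {
        "win/$sys$example/$sys$DRMServer.exe": b"stub",
        "win/drivers/ARIES.SYS": b"stub",
        "win/drivers/notaries.sys": b"stub",       # near miss on the name
        "cd/VERSION.DAT": b"VERSION=XCP2, Version 1.7\r\n",
        "other/version.dat": b"VERSION=3.1\r\n",    # some other product
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
```

Call `scan_tree()` on the mount point to get the list of findings; an empty list only means none of these three indicators were present in that tree.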

Nancymca
Security Goddess, retired.
Premium Member
join:2001-09-30
Voorheesville, NY

1 recommendation

Nancymca to TPB

Premium Member

to TPB

Re: Some earlier signs of Sony's rootkit...

If you need help with that detection, email us (support@nsclean.com). As a customer you, just the same as any other customer, will get the support you paid for a lot faster than waiting for someone to get to this forum.

Doctor Four
My other vehicle is a TARDIS
Premium Member
join:2000-09-05
Dallas, TX

Doctor Four to ZOverLord

Premium Member

to ZOverLord

Re: Some earlier signs of Sony's rootkit...

EMI is not a subsidiary of BMG/Sony, last I checked. They
are another of the Big 4, and have gone so far as to
distance themselves from Sony saying that none of their
copy protected CDs use XCP as their DRM scheme. They use
a combination of SunnComm's and Macrovision's DRM methods.

Interestingly enough, one of the XCP protected CDs on
that list, Neil Diamond's 12 Songs, is currently the top
seller on Amazon.com. It would appear that some either
don't care about a DRM rootkit which damages your system
by mucking with the CD-ROM drivers, or know how to avoid
getting infected by it in the first place.

catseyenu
Ack Pfft
Premium Member
join:2001-11-17
Fix East

3 edits

catseyenu

Premium Member

said by Doctor Four:

Interestingly enough, one of the XCP protected CDs on
that list, Neil Diamond's 12 Songs, is currently the top
seller on Amazon.com. It would appear that some either
don't care about a DRM rootkit which damages your system
by mucking with the CD-ROM drivers, or know how to avoid
getting infected by it in the first place.
It's likely the "Neil Diamond" crowd is a little older and not as computer literate.. nothing like exploiting the old and weak.
Trebors5
join:2005-09-20
Mesquite, TX

1 recommendation

Trebors5

Member

said by catseyenu:

said by Doctor Four:

Interestingly enough, one of the XCP protected CDs on
that list, Neil Diamond's 12 Songs, is currently the top
seller on Amazon.com. It would appear that some either
don't care about a DRM rootkit which damages your system
by mucking with the CD-ROM drivers, or know how to avoid
getting infected by it in the first place.
It's likely the "Neil Diamond" crowd is a little older and not as computer literate.. nothing like exploiting the old and weak.
The reason those of us with predominantly grey hair have ongoing technical careers is because fewer young folk know jack about computers. :D

catseyenu
Ack Pfft
Premium Member
join:2001-11-17
Fix East

2 edits

catseyenu

Premium Member

Okay, I admit I've got grey hair I saw Neil at Madison Square Gardens...

cacroll
Eventually, Prozac becomes normal
Premium Member
join:2002-07-25
Martinez, CA

1 recommendation

cacroll to catseyenu

Premium Member

to catseyenu
said by catseyenu:

FWIW, a list of all known CD's.

All contain the Sony rootkit.

Trey Anastasio - Shine
Celine Dion - On ne Change Pas
Neil Diamond - 12 Songs
Our Lady Peace - Healthy in Paranoid Times
Chris Botti - To Love Again
Van Zant - Get Right with the Man
Switchfoot - Nothing is Sound
The Coral - The Invisible Invasion
Acceptance - Phantoms
Susie Suh - Susie Suh
Amerie - Touch
Life of Agony - Broken Valley
Horace Silver Quintet - Silver's Blue
Gerry Mulligan - Jeru
Dexter Gordon - Manhattan Symphonie
The Bad Plus - Suspicious Activity
The Dead 60s - The Dead 60s
Dion - The Essential Dion
Natasha Bedingfield - Unwritten
Ricky Martin - Life


A longer, hopefully dynamic, list is unfolding at Campaign For Digital Rights Bad CD List
»ukcdr.org/issues/cd/bad/
astirusty
Premium Member
join:2000-12-23
Henderson, NV

astirusty to Sunny-jim

Premium Member

to Sunny-jim
said by Sunny-jim :

I sincerely hope that this lawsuit gets a Jury Trial, and that they are slapped with huge, huge fines and compensation to those affected, so Sony will never go down this road again.
I'm not sure I care about the fines as much as Sony having to pay for all the damages and repair costs that are (or have been) endured by people who legally bought Sony's intentionally root-kitted music CDs.

Of course the reality is the court cases will drag on for years, lawyers will get rich, users will get nothing, and the fine to Sony will be something like donating all the recalled CDs to dirt poor kids, with Sony being allowed to take the loss as a tax write off.
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith to pog4

Member

to pog4
Speaking as a "gray hair," my guess is that few Neil Diamond fans (I'm not one) play CDs on their computers. They use their "HiFi" and I don't mean ghetto blaster. It is rare in my experience for a computer to be in the same galaxy, sound wise, as any form of HiFi a gray hair would have purchased or built 20 - 40 years ago. Maybe a Bose Wave radio would approach a computer, but most other component or combo means of playing CDs would be better.

I rarely listen to CDs on my computer, and only when I'm in that room doing something else. And when watching .avis on the computer, I use earphones. (No room for real speakers on my computer desk.)

kirby

TechyDad
Premium Member
join:2001-07-13
USA

TechyDad to catseyenu

Premium Member

to catseyenu
Don't count them out entirely. My father in law happens to have that particular Neil Diamond CD and though he didn't know precisely why, he had heard enough (and not from me) to know that it could mess up his computer. (Actually, could it mess up a Windows 98 system or are rootkits only a problem on Win2K/XP machines?)