With the notable exception of the issues that surfaced this weekend about Sony BMG’s lack of a plan to address their international customers’ issues, it seems like most of the primary news about the rootkit fiasco has broken. I thought this might be a good time to take a look at how the story broke […]
Archive for the 'Exploits' Category
According to News.com, SunnComm has issued a patch for its MediaMax uninstaller. The uninstaller left a user’s computer vulnerable to being exploited by web sites containing malicious code, according to research by the folks at Freedom to Tinker. No word from Felten or Halderman whether the new patch is truly safe, though they do make […]
In the “you have to be kidding” department: Freedom to Tinker reports that the uninstaller for Sony’s other DRM scheme, MediaMax from Sony, also compromises the security of the user’s system. The authors also post a detector to see if the control is on your system and a tool that both cures the infection and […]
I am starting to know what it must feel like to be in Sony’s PR department. Every time I think that this colossal shambling nightmare of Sony DRM has gone away, and that I can afford to take a morning without monitoring Google News for new developments, a half dozen things pop up.
Today it’s the […]
Sony can’t catch a break: The Washington Post’s SecurityFix blog is now reporting the problems with the uninstaller that were noted earlier on Freedom to Tinker. And that’s not all: a comment on the SecurityFix post says that not only does XCP open a hidey-hole for trojans, its drivers are also vulnerable to buffer overflow […]
Boing Boing points to an article on Freedom to Tinker about the web-based uninstaller that Sony provides for their rootkit-infested XCP DRM software. Apparently the uninstaller potentially opens another exploitable backdoor in the OS.
According to the detailed analysis by Alex Halderman and Ed Felten on Freedom to Tinker, the uninstaller leaves behind an ActiveX […]
TechTree.com reports on additional variants of the exploit observed yesterday, called Backdoor.IRC.Synd.a and Backdoor.IRC.Synd.B, reported by the antivirus company BitDefender. I’m not sure if one of these is the same as Backdoor.win32.Breplibot.b; different vendors give the same virus different names.
ZoneAlarm is now the second anti-virus company, after CA, to claim that they can identify and […]
The latest BBC article on the rootkit brouhaha indicates that there are, at last count, six class action lawsuits pending. They also quote me, for what it’s worth.
Following up on this morning’s story is this Reuters article, which confirms the report from Viruslist and adds the information that the trojan being spread is the Stinx-E, which opens your machine to being controlled remotely. Proving that Sony’s DRM can cause actionable damage just got a lot easier.
It’s started: Viruslist.com has information from Trend Micro about the first exploit of the vulnerabilities exposed by the Sony rootkit (the link goes to a monthly archive page; there’s no permalink on Viruslist.com’s site). The exploit is a spam mail containing an executable that copies itself to the host OS as $SYS$DRV.EXE and creates a […]