Archive for the 'Exploits' Category

Using blogs and the media for change: the Sony BMG case study

Monday, November 28th, 2005

With the notable exception of the issues that surfaced this weekend about Sony BMG’s lack of a plan to address their international customers’ issues, it seems like most of the primary news about the rootkit fiasco has broken. I thought this might be a good time to take a look at how the story broke […]

Sunncomm: new patch for MediaMax uninstaller

Tuesday, November 22nd, 2005

According to, Sunncomm has issued a patch for its MediaMax uninstaller. The uninstaller left a user’s computer vulnerable to being exploited by web sites containing malicious code, according to research by the folks at Freedom to Tinker. No word from Felten or Halderman whether the new patch is truly safe, though they do make […]

Sunncomm uninstaller vulnerabilities

Thursday, November 17th, 2005

In the “you have to be kidding” department: Freedom to Tinker reports that the uninstaller for Sony’s other DRM scheme, MediaMax from Sony, also compromises the security of the user’s system. The authors also post a detector to see if the control is on your system and a tool that both cures the infection and […]

Sony apologizes, withdraws uninstaller, not before shooting self in foot

Thursday, November 17th, 2005

I am starting to know what it must feel like to be in Sony’s PR department. Every time I think that this colossal shambling nightmare of Sony DRM has gone away, and that I can afford to take a morning without monitoring Google News for new developments, a half dozen things pop up.
Today it’s the […]

More coverage, more vulnerabilities

Tuesday, November 15th, 2005

Sony can’t catch a break: The Washington Post’s SecurityFix blog is now reporting the problems with the uninstaller that were noted earlier on Freedom to Tinker. And that’s not all: a comment on the SecurityFix post says that not only does XCP open a hidey-hole for trojans, its drivers are also vulnerable to buffer overflow […]

Watch out for the Sony uninstaller

Tuesday, November 15th, 2005

Boing Boing points to an article on Freedom to Tinker about the web-based uninstaller that Sony provides for their rootkit-infested XCP DRM software. Apparently the uninstaller it potentially opens another exploitable backdoor in the OS.
According to the detailed analysis by Alex Haldeman and Ed Felten on Freedom to Tinker, the uninstaller leaves behind an ActiveX […]

More exploits of the Sony rootkit; news from AV vendors

Friday, November 11th, 2005 reports on additional variants of the exploit observed yesterday, called Backdoor.IRC.Synd.a and Backdoor.IRC.Synd.B, reported by the antivirus company BitDefender. I’m not sure if one of these is the same as Backdoor.win32.Breplibot.b; different vendors give the same virus different names.
ZoneAlarm is now the second anti-virus company, after CA, to claim that they can identify and […]

More lawsuits

Friday, November 11th, 2005

The latest BBC article on the rootkit brouhaha indicates that there are, at last count, six class action lawsuits pending. They also quote me, for what it’s worth.

Rootkit trojan plants a backdoor

Thursday, November 10th, 2005

Following up on this morning’s story is this Reuters article, which confirms the report from Viruslist and adds the information that the trojan being spread is the Stinx-E, which opens your machine to being controlled remotely. Proving that Sony’s DRM can cause actionable damage just got a lot easier.

Backdoor.win32.Breplibot.b: First exploit of the Sony rootkit

Thursday, November 10th, 2005

It’s started: has information from Trend Micro about the first exploit of the vulnerabilities exposed by the Sony rootkit (the link goes to a monthly archive page, there’s no permalink on’s site). The exploit is a spam mail containing an executable that copies itself to the host OS as $SYS$DRV.EXE and creates a […]