EFF posts list of XCP CDs, plus tips and workarounds

EFF: Are You Infected by Sony-BMG’s Rootkit?. The post identifies fewer than 20 CDs that have been confirmed to carry the XCP DRM code, but more importantly gives a heuristic that can be used to verify that the title is infected.

The EFF also posts a tip that will shortly be the tagline of this blog: disable autorun (which automatically executes code on a data CD upon loading) to keep from being infected on a Windows PC.

Thanks to Greg Greene, whose tip about this made my comments just a few minutes before BoingBoing posted it.

4 Responses to “EFF posts list of XCP CDs, plus tips and workarounds”

  1. Michael Says:

    It’s begun.

    Quote from Kaspersky Labs:

    “Yury November 10, 2005 | 14:28 MSK

    “The first backdoor which utilizes the ‘Sony rootkit’ was detected today. We’ve classified this malicious program as Backdoor.Win32.Breplibot.b.
    We’re analyzing the progam at the moment and will have more information soon. Watch this space.”


  2. The Sony Boycott Blog » Blog Archive » Backdoor.win32.Breplibot.b: First exploit of the Sony rootkit Says:

    […] It’s started: Viruslist.com has information from Trend Micro about the first exploit of the vulnerabilities exposed by the Sony rootkit (the link goes to a monthly archive page, there’s no permalink on Viruslist.com’s site). The exploit is a spam mail containing an executable that copies itself to the host OS as $SYS$DRV.EXE and creates a registry key. No word yet on whether any other activity occurs after installation. Thanks to Michael for posting the link in the comments. […]

  3. Jon Rich Says:

    I don’t even buy or use music cd’s, but after reading the current sorry saga of Sony I have put them on my avoid-at-all-cost list. (I once had good experience with Sony Trinitron but have had poor experience with everything Sony since.) I now view Sony to be a “loose canon.” If they are devious enough to purpetrate this piracy on an unsuspecting public, what might they be capable of next if they think they can get away with it?

  4. Jon Rich Says:

    for example:
    Sony DVD-VCR combo - failed after 50 days (locked up and ate one of my favorite DVDs)
    Sony hard drive - failed after 17 months (crashed and took my programs and data with it)
    Sony disk drive (3.5″) - failed after 2-3 years ( wouldn’t eject disks without inserting pin)
    Sony 3.5″ HD 1.44MB disks - about 15-20% of a particular lot failed (became unformattible)

Leave a Reply

You must be logged in to post a comment.