Rootkit trojan plants a backdoor

Following up on this morning’s story is this Reuters article, which confirms the report from Viruslist and adds the information that the trojan being spread is the Stinx-E, which opens your machine to being controlled remotely. Proving that Sony’s DRM can cause actionable damage just got a lot easier.

15 Responses to “Rootkit trojan plants a backdoor”

  1. Laythstag Says:

    Just curious, is this rootkit virus planted just in products from the US or should I becareful of the CD’s I buy from Japanese import stores?

  2. Tim Says:

    Two different issues, the rootkit (aka the XCP digital rights management software) and the trojan that exploits it.

    The rootkit, which opens a door in your system by hiding all files that begin with $SYS$, is loaded on discs in some markets by Sony BMG, but not all. I don’t know about Japanese discs.

    The trojan is NOT spread directly by CDs–it is spread by email, but it hides itself if it infects a machine that already has the rootkit, making itself that much more difficult to detect or remove.

    So Sony’s DRM software is not directly responsible for this virus, but it creates the conditions in which it can flourish. Think of it as the opposite of a security patch. In fact, the DRM software is essentially an insecurity patch that creates a dangerous condition on your system.

  3. Jason Says:

    Since there are no Japanese artists on the list you shouldn’t have to worry about exposure to the rootkit, hai?

  4. David Says:

    I think I’ll go purchase a Sony “rootkit” CD, get the virus, and then sue their pants off for damaging my computer and putting others at risk.

    What a pile of dung. This whole rootkit business was bound to backfire on them.

    Now all we need is for some lawyer to open a HUGE lawsuit, take his profits, and the transformation to the Dark Side will be complete…

  5. Gene Says:

    Over 2600 people have signed the petition now! Hope it gets over 100,000

    Sony REALLY screwed this up!

  6. Chris Campbell Says:

    This might be a bit off topic, but thought I’d pass it along. It appears the DRM junk can impact a Mac as well. It just requires more user interaction. I’m not sure if this story’s been verified though.

  7. . Says:

    .

  8. please bumble Says:

    So let’s see…I’m sitting in a nuclear power plant in NY and thinking “I sure would like to hear some good music right now”. I just happened to have picked up a new CD at Mal-Wort and it’s totaly awsome dude.

  9. Robin Says:

    Boycotting Sony is not enough! Even those who “don’t know what a root-kit is and shouldn’t care” know who Sony’s artists are. They should be boycotted too - and told exactly why.

  10. ROBERT MILNE Says:

    having problems posting to this site, apologies if this is third posting.
    Surely installing software on somebody elses computer without their permission is hacking, and comes under US or UK misuse of computer or hacking law. Another culprit of this is starforce software copy protection. If these companies were upfront about their products, then our response should be to boycott them. If they continue to install hidden apps onto our machines without our permission, then they should be sued to pieces. I am sure they would not be happy if we asked them to pay for a new machine and a week of time to undo the damage to our machine their software causes, so how come if we hacked into their computers and caused damages they would expect us to pay. [I am not suggesting the second part]. Anybody from consumer protection bodies care to comment, or has the corporate world got them over a barrel.

  11. Peter Says:

    This bash should not be limited to just Sony. This is just the begining. Other firms might have tried this before and should be caught. Let the DRM hunt begin

  12. Mark Brinkman Says:

    I can’t help but wonder if Sony can be held responsible for aiding and promoting viruses through the actions of their software? I smell a class action lawsuit coming…..

  13. John Says:

    Why not rip the tracks off these root-kit’ed CDs and flood the p2p networks? Show Sony that if it lies to its patrons, they will get their music somewhere else - at a loss for Sony. Geez, and I thought these guys wanted us to buy more music instead of downloading it! It’s been shown that music downloaders are usually the biggest music buyers. In this case, I think Sony will see that its actions will have the effect of pushing those people in the direction of download vs. dish-out.

    I for one, will never by a CD with any kind of “protection,” especially the kind that spies on me. I applaud companies that not only keep their CDs free of this garbage, but also include high-quality ogg-vorbis and mp3 files (forget WMA) along side the regular tracks. I think people would be more likely to buy a CD from a company that says “here’s the music you bought, and by the way, since we trust you, and we thank you for buying our product, here is a bonus - high quality tracks you can transfer right to your portable device without a hassle.”

    I can’t think of any business where it pays to treat your customers like criminals.

  14. codeman38 Says:

    Laythstag: Interestingly enough, Sony Music Japan actually gave up copy protection a year ago because of the backlash it got there. Maybe their American division should take a cue from their Japanese parent…

  15. phil Says:

    HOW TO BEAT ANY AUDIO CD COPYRIGHT SYSTEM - NO SOFTWARE REQUIRED:

    buy a discman - sony make good ones!
    insert copyrighted audio cd
    link discman headfone or line output to soundcard line in
    play cd
    record each track one at a time
    recompose cd & burn as many as you like - all copies will be copyright protection free.

    You are allowed to copy a legitimately purchased cd as many times as you like so long as you are not selling them or giving them away (riiiiiiiight!). The law protects you - if you legally buy a copyright item you can make as many copies as you like so long as you can convince a judge that they are for your own back up purposes.

    So - the huge amounts of money spent on cd copyright programs - including the illegal burglary program used by sony - is totally wasted - all you need is a discman and a soundblaster soundcard.

    So, Mr Big Business-Moneygrabbingbastards - you’re f***ed!

Leave a Reply

You must be logged in to post a comment.