Rootkit trojan plants a backdoor
Following up on this morning’s story is this Reuters article, which confirms the report from Viruslist and adds the information that the trojan being spread is the Stinx-E, which opens your machine to being controlled remotely. Proving that Sony’s DRM can cause actionable damage just got a lot easier.
November 10th, 2005 at 4:04 pm
Just curious, is this rootkit virus planted just in products from the US or should I becareful of the CD’s I buy from Japanese import stores?
November 10th, 2005 at 4:09 pm
Two different issues, the rootkit (aka the XCP digital rights management software) and the trojan that exploits it.
The rootkit, which opens a door in your system by hiding all files that begin with $SYS$, is loaded on discs in some markets by Sony BMG, but not all. I don’t know about Japanese discs.
The trojan is NOT spread directly by CDs–it is spread by email, but it hides itself if it infects a machine that already has the rootkit, making itself that much more difficult to detect or remove.
So Sony’s DRM software is not directly responsible for this virus, but it creates the conditions in which it can flourish. Think of it as the opposite of a security patch. In fact, the DRM software is essentially an insecurity patch that creates a dangerous condition on your system.
November 10th, 2005 at 5:10 pm
Since there are no Japanese artists on the list you shouldn’t have to worry about exposure to the rootkit, hai?
November 10th, 2005 at 8:45 pm
I think I’ll go purchase a Sony “rootkit” CD, get the virus, and then sue their pants off for damaging my computer and putting others at risk.
What a pile of dung. This whole rootkit business was bound to backfire on them.
Now all we need is for some lawyer to open a HUGE lawsuit, take his profits, and the transformation to the Dark Side will be complete…
November 10th, 2005 at 11:13 pm
Over 2600 people have signed the petition now! Hope it gets over 100,000
Sony REALLY screwed this up!
November 11th, 2005 at 12:38 am
This might be a bit off topic, but thought I’d pass it along. It appears the DRM junk can impact a Mac as well. It just requires more user interaction. I’m not sure if this story’s been verified though.
November 11th, 2005 at 2:40 am
.
November 11th, 2005 at 7:00 am
So let’s see…I’m sitting in a nuclear power plant in NY and thinking “I sure would like to hear some good music right now”. I just happened to have picked up a new CD at Mal-Wort and it’s totaly awsome dude.
November 11th, 2005 at 7:41 am
Boycotting Sony is not enough! Even those who “don’t know what a root-kit is and shouldn’t care” know who Sony’s artists are. They should be boycotted too - and told exactly why.
November 11th, 2005 at 7:55 am
having problems posting to this site, apologies if this is third posting.
Surely installing software on somebody elses computer without their permission is hacking, and comes under US or UK misuse of computer or hacking law. Another culprit of this is starforce software copy protection. If these companies were upfront about their products, then our response should be to boycott them. If they continue to install hidden apps onto our machines without our permission, then they should be sued to pieces. I am sure they would not be happy if we asked them to pay for a new machine and a week of time to undo the damage to our machine their software causes, so how come if we hacked into their computers and caused damages they would expect us to pay. [I am not suggesting the second part]. Anybody from consumer protection bodies care to comment, or has the corporate world got them over a barrel.
November 11th, 2005 at 8:19 am
This bash should not be limited to just Sony. This is just the begining. Other firms might have tried this before and should be caught. Let the DRM hunt begin
November 11th, 2005 at 8:54 am
I can’t help but wonder if Sony can be held responsible for aiding and promoting viruses through the actions of their software? I smell a class action lawsuit coming…..
November 11th, 2005 at 9:19 am
Why not rip the tracks off these root-kit’ed CDs and flood the p2p networks? Show Sony that if it lies to its patrons, they will get their music somewhere else - at a loss for Sony. Geez, and I thought these guys wanted us to buy more music instead of downloading it! It’s been shown that music downloaders are usually the biggest music buyers. In this case, I think Sony will see that its actions will have the effect of pushing those people in the direction of download vs. dish-out.
I for one, will never by a CD with any kind of “protection,” especially the kind that spies on me. I applaud companies that not only keep their CDs free of this garbage, but also include high-quality ogg-vorbis and mp3 files (forget WMA) along side the regular tracks. I think people would be more likely to buy a CD from a company that says “here’s the music you bought, and by the way, since we trust you, and we thank you for buying our product, here is a bonus - high quality tracks you can transfer right to your portable device without a hassle.”
I can’t think of any business where it pays to treat your customers like criminals.
November 11th, 2005 at 10:41 am
Laythstag: Interestingly enough, Sony Music Japan actually gave up copy protection a year ago because of the backlash it got there. Maybe their American division should take a cue from their Japanese parent…
November 11th, 2005 at 3:31 pm
HOW TO BEAT ANY AUDIO CD COPYRIGHT SYSTEM - NO SOFTWARE REQUIRED:
buy a discman - sony make good ones!
insert copyrighted audio cd
link discman headfone or line output to soundcard line in
play cd
record each track one at a time
recompose cd & burn as many as you like - all copies will be copyright protection free.
You are allowed to copy a legitimately purchased cd as many times as you like so long as you are not selling them or giving them away (riiiiiiiight!). The law protects you - if you legally buy a copyright item you can make as many copies as you like so long as you can convince a judge that they are for your own back up purposes.
So - the huge amounts of money spent on cd copyright programs - including the illegal burglary program used by sony - is totally wasted - all you need is a discman and a soundblaster soundcard.
So, Mr Big Business-Moneygrabbingbastards - you’re f***ed!