More coverage, more vulnerabilities

Sony can’t catch a break: The Washington Post’s SecurityFix blog is now reporting the problems with the uninstaller that were noted earlier on Freedom to Tinker. And that’s not all: a comment on the SecurityFix post says that not only does XCP open a hidey-hole for trojans, its drivers are also vulnerable to buffer overflow attacks–meaning that even without infecting the user with another piece of malware, the user’s machine could be forced to run arbitrary code in kernel mode.

Even better: How many machines are vulnerable to such attacks? According to Wired and Dan Kaminsky, the number is at least 568,000. (Dan’s server is slashdotted at present: welcome Slashdot visitors, and I’m glad no one linked me in the main article.)

And how did I miss the filing of the rumored New York class action lawsuit–filed in federal court?

So what should you do? If you’re reading this article on the front page of my site, I have the instructions in the sidebar. If not, a few simple suggestions to avoid infection:

  1. Turn off autorun
  2. Remove the infection (you can also try the Microsoft Anti-Spyware tool, though Sysinternals suggests that it may put you at risk of bluescreening when it turns off the cloak)
  3. Avoid buying infected CDs (and check out this expanded list)
  4. Sign the Boycott Sony petition
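
One way to check and apply step 1 on a current Windows system, as an added example that is not part of the original post: the script decodes the `NoDriveTypeAutoRun` policy bitmask per drive type and, when run with the hypothetical `-Apply` switch, sets it to 0xFF. Using PowerShell and the machine-wide HKLM policy key are assumptions made here; the post does not say how to turn autorun off.

```powershell
# Added example: audit (and optionally harden) the machine-wide AutoRun policy.
param([switch]$Apply)   # -Apply is this script's own switch; without it nothing is changed

$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name = 'NoDriveTypeAutoRun'

# In NoDriveTypeAutoRun a set bit disables AutoRun for that drive type.
$driveBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

# Report the current policy, drive type by drive type.
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output "$name is not set under $key; the operating system default applies."
} else {
    $current = [int]$prop.$name
    Write-Output ("{0} = 0x{1:X2}" -f $name, $current)
    foreach ($d in $driveBits.GetEnumerator()) {
        $state = if ($current -band $d.Value) { 'disabled' } else { 'ENABLED' }
        Write-Output ("  AutoRun on {0,-9}: {1}" -f $d.Key, $state)
    }
}

# Writing under HKLM needs an elevated session, so check before trying.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($Apply) {
    if (-not $isAdmin) { throw 'Setting the policy requires an elevated (administrator) session.' }
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # 0xFF sets every bit, which disables AutoRun on all drive types, CD-ROM included.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0xFF -Force | Out-Null
    Write-Output "$name set to 0xFF: AutoRun disabled for all drive types."
}
```

This only stops new discs from launching their installer automatically; it does not remove software that is already installed (step 2).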

18 Responses to “More coverage, more vulnerabilities”

  1. Always in motion is the future. Says:

    /. : “Bad Day To Be Sony”

    I have already reported on the Sony rootkit; apparently that has been taken care of. The damage to Sony’s image is likely to be considerable if even Microsoft is warning about it… : Slashdot | Bad Day To Be Sony

    Here you can find …

  2. Tom Ciarlone Says:

    Class Action Law Firm Investigating Sony CDs:
    My law firm is investigating the situation surrounding “rootkits” on Sony-label CDs. In connection with our investigation, we are interested in learning more about the experiences consumers have had with those CDs. I can be contacted at (212) 239-4340 or, by e-mail, at tciarlone@lawssb.com.

  3. Steve U.K. Says:

    Well it really couldn’t have happened to a nicer company!…I suppose all that’s left is for the shareholders to fire the executive board, hang the ceo & employ a new management team, I hope!…Let’s face it, this bunch of bananas couldn’t organize a party for a bunch of drunks in a brewery let alone mop up after it…& they get paid how much!!!…WHY!?…I don’t care what they do now because from now I’ll play cd’s on my HiFi & interface it into my pc network…ONLY way to be totally safe really it seems!

  4. Rick Says:

    Been digging around trying to find out the URL of the Sony “Phone Home” process on Sony rootkit-infected computers.

    Any ideas yet ?

    Thanks…

  5. John Strickland Says:

    I for one will not be purchasing ANY products from companies who do business with First 4. They don’t appear to have ANY idea the damage they have caused. I’ll just keep checking First 4’s website for any press releases on companies they gain as clients and stay away from them too.
    I will also watch for PC games Sony releases… First 4 states they are going to wreck - err ummm - try to fix that industry too….
    It’s ignorance and arrogance like this from First 4 and Sony that damages the industry.

  6. The one Whome they call Chris Says:

    Your Link blog link has been added in one of my posts :)

    There’s a petition now:
    http://www.petitiononline.com/bcsony/petition.html

  7. The one Whome they call, Chris Says:

    sorry same person as above.

    here’s another Link to add

    http://www.theinquirer.net/?article=27568

    They are stopping PS3 Users from trading and renting games..

  8. Zendo Deb Says:

    Much has been said about Sony and CD’s, but what about Sony and DVD’s??

    Are they doing anything similar on the DVD side of the house?

  9. Mike Says:

    The what you should do list -

    1 Turn Off Autorun
    2 Avoid buying infected CDs
    3 Sign the Boycott Sony petition

    - is a good idea. May I suggest a further item?

    You might also include: “make sure anyone else using your machine uses a non-admin account”.

    This malware won’t install on XP on a non-admin account, so people need to be aware of that and to take appropriate steps.

    Actually, Microsoft’s security model is broken: (1) “admin” is effectively “root”; (2) many programs are poorly written and outdated and consequently won’t run for limited users; (3) the system doesn’t invite the user to set up a non-admin account for use on installation on XP, so most people are not aware of the issue.

    The Sony malware pretty effectively circumvents any security model, because it uses social engineering to persuade a user to grant it what privileges it needs to install. However, casual installation of such software is more difficult under a Unix security model.

    Consider the Sunncomm DRM software that installs kernel extensions on Mac OS X. It’s going to have to ask for root privileges to do that. That means that even if the owner of the machine walks out of the room without logging out, one of his kids can’t pop in a Sony CD and click through to install it. The machine just isn’t going to do it even on an admin account. The kid would have to submit an admin password to raise privileges temporarily from admin to root to allow the software access to system areas, and the kid won’t know the password.

    On a Windows box, as long as your machine is logged on to an admin account, you’re wide open. So because of software like the Sony rootkit (and for other reasons) it’s an important safeguard to allow other users of your machine only to use an ordinary user account (or a guest account) and to make sure you log out if you leave your PC unattended and you’ve been working in an admin account.

  10. Ex-Sony fan Says:

    This Sony BMG rootkit issue is sooo bizarre…
    Strictly speaking Sony should not use the term CD (Compact Disc)
    about these discs that come with the XCP software. I wonder if Sony
    could call them as “My First Rootkit” instead :)

  11. Steve U.K. Says:

    Yippee….The story has at last just made headlines all over Europe!….But as we all know, Sony have been brought down by the bloggers & not the media in this case, hats off & a bow to them I think & especially to Mark Russinovich!

  12. Daniel Says:

    The problem with SONY is a symptom of a larger problem: corpocrisy, corporatism, and corporations in-league with government.

    A fundamental change in government and law enforcement must take place first. Otherwise, corporations will continue to do such things.

    Consider the corporate/investor fraud; cooking the books; stock fraud; failure of the SEC to regulate and prosecute violators.

    Consider the dysfunctional and corrupt legal system, a perversion of the laws to do the very things they are supposed to prevent, insufficient or selective law enforcement, legal plunder (e.g. abuse of eminent domain laws and recent, alarming supreme court rulings), wealth re-distribution, plundered entitlement systems, Gerrymandering to manipulate votes based on geographical boundaries, too many greedy, corrupt, and parasitic ambulance chasers, and idiotic juries allowing astronomical judgments for personal injury litigation with million$ and billion$ going to lawyers, etc.); identity theft (the fastest growing crime in the U.S.), no reliable form of identification (e.g. iris and/or finger-print and/or voice-print, and/or hand-print, etc.), releasing repeat offenders to repeat crimes of rape, child molestation, murder, etc.), pardons by presidents to release convicted criminals, violation or insufficient protection of basic rights (e.g. discrimination, and crimes based on religion, race, gender, age, wealth, sexual preference, etc.), and execution and incarceration of innocent people.

    Corporations in-league with governments are in control.
    Ever read the book: “Confessions of an Economic Hit Man” ?

    This sort of thing, and many other numerous pressing problems can never be resolved unless government enforces the laws justly (not selectively).

    VOIDnow.org is dedicated to work to resolve these many issues. The solution is not as complex as some believe. The problem is not so much that each problem is complex. It’s that they’re simply being ignored. Government is so entrenched in petty partisan warfare, seducing voters into it too, consumed with corrupt campaign finance and graft, and so beholden to big money donors (puppeteers), they ignore the many problems that grow in number and severity, and threaten the future and security of the nation.

    Please see VOIDnow.org to see the most simple, easy, safe, inexpensive, responsible way to peacefully force government to be responsible and accountable too.

  13. Blog Relations and The Angel Blog » Blog Archive » How Sony got its nickers in a twist over copyright Says:

    […] The Boycott Sony Blog has reason for good cheer. Sony is recalling its CDs that use an insidious copyright protection, that acts something like a virus, and can blow a hole in your computer’s security. […]

  14. Al Maloney Says:

    Let me see now …

    The “little guy” downloads a piece of music and is slammed with a large lawsuit.
    A hacker exploits a weakness and goes to prison.

    When are the Sony executives responsible for this egregious assault on our computers going to prison?

  15. BizzyBlog.com » Sony/BMG Humiliated over OS-Altering Rootkit Says:

    […] UPDATE: The Boycott Sony Blog has some coping suggestions. […]

  16. Tom Says:

    Sony will bend over to the media and especially the courts, and feel what a ‘real’ rootkit can do!

  17. Al Maloney Says:

    If Sony is doing this, what about the other labels?
    Can we trust any of them?
    Time to boycott all CDs long enough to bring the perps to their knees.
    At the same time they should be prosecuted and a few of them put in prison.
    Why should they be treated different from regular hackers?

  18. Life Insurance blog Says:

    Learn facts about the life insurance industry

    Information on the life insurance industry
