Trojan Using Sony DRM Rootkit Spotted (597 comments)

Posted by Zonk
from the gift-from-sony-to-you dept.
Analise writes "The Register reports on the first trojan using Sony's DRM rootkit. A newly discovered variant of the Breplibot trojan makes use of the way Sony's rootkit masks files whose filenames begin with '$sys$'. This means that any files renamed this way by the trojan are effectively invisible to the average user. The malware is distributed via an email supposedly from a reputable business magazine requesting that the businessperson verify his/her attached 'picture' to be used for an upcoming issue. Once the payload is executed, the trojan then installs an IRC backdoor on affected Windows systems."
  • Rant Time... (Score:2, Interesting)

    by Anonymous Coward
    Sony, you are despicable loathing scum who will no longer get another penny from me. For deliberately putting computers I maintain at risk to save a penny on your end, I find you guilty as charged. Microsoft should be suing you for such as well. In fact everyone just gang up on Sony and charge with those attorneys. Burn in hell bastards...
    • by freedom_india (780002) on Thursday November 10, 2005 @12:22PM (#13998982) Homepage Journal
      With California filing a class-action suit, I think more states and consumers should file suits NOT just for damaging their computers, but deliberate unauthorized entry into another person's property which is a crime.

      Seriously I wish some Sony officials got what WorldCom's Ebbers got: 25 years for entering into another property without permission, vandalism, etc. The less privileged have got far worse sentences for lesser crimes all along.

      And more so, Sony should replace EVERY affected computer with a brand new Vaio.

  • by Ooblek (544753) on Thursday November 10, 2005 @12:17PM (#13998912)
    It's just a rumor, but Sony should have some Engineering and Executive positions open in 3....2....1...
    • by portwojc (201398) on Thursday November 10, 2005 @12:22PM (#13998976) Homepage
      It's not the engineers' fault. It's the ones that decided to put it out.

      • by Lemmy Caution (8378) on Thursday November 10, 2005 @12:54PM (#13999334) Homepage
        Eh, that's a little "I was only following orders" for my blood.

        If I'm working for a homicidal maniac and I build a gun for him, I'm not innocent when he goes on a rampage.

        Werner Heisenberg claims that he sabotaged the Nazi atomic bomb effort. If that's true, this would have been a very different world if he had just decided to be a "good engineer." (Yes, Godwin, blah blah. I don't think it applies.)
        • by forand (530402) on Thursday November 10, 2005 @02:15PM (#14000346) Homepage
          The problem with your analogy is that the developers, in all likelihood, did not know what this is going to be used for. Sony purchased the rootkit from another company which may have some valid reason for making these. The part that is so bad is NOT the rootkit itself but that it was included in the CD.
          • by LarsG (31008) on Thursday November 10, 2005 @02:23PM (#14000444) Journal
            Sony purchased the rootkit from another company which may have some valid reason for making these.

            First 4 Internet made the XCP DRM system, rootkit and all. Their business model is to develop and sell DRM products to the music industry. So the programmers at F4I must have been deaf and blind in order not to know that the rootkit would be distributed on 'audio' CDs.
      • by jcr (53032)
        It's not the engineers' fault. It's the ones that decided to put it out.

        Bullshit. The engineers are the ones who should know right from wrong. Sony wouldn't even have attempted this if their so-called "engineers" hadn't played along.

        -jcr

        • by MightyMartian (840721) on Thursday November 10, 2005 @01:17PM (#13999641) Journal
          Oh gimme a break. The media companies are delirious with the power granted them by their whores in Congress. The engineers, I'm sure, were given no real choice in the matter. Remember, it is RIAA, the MPAA and all those sleaze bag politicians who'd sell their own mothers for a little political cash who have produced this abomination. If you want to solve the problem, tell all the people in your district that your congressman is a hooker sucking off the teats of media giants, and tell them to make this kind of behavior an election issue.
      • by jafac (1449)
        It does not matter if it was the Engineer's fault. Can you say Scapegoat? I knew you could. Who plays golf with the CEO? The Engineer? Or the VP of Distribution and IP Protection?

        "that damn engineer, he said he had the technology to fool the hackers out there so they couldn't detect our DRM. . . ."

        Or, another phrase comes to mind; ". . . you have failed me for the last time. . . "
    • by Daniel_Staal (609844) <DStaal@usa.net> on Thursday November 10, 2005 @12:29PM (#13999058)
      Remember: Sony didn't write the rootkit. They bought it from someone else.

      Now, the question is, what department thought it was a good idea? Sales and Marketing? Legal? Somebody had to think it was worth the money...
      • by Guppy06 (410832) on Thursday November 10, 2005 @12:44PM (#13999227)
        " Remember: Sony didn't write the rootkit. They bought it from someone else."

        Remember: your Friendly Neighborhood Crack Dealer didn't grow the coca. They bought it from someone else.
      • Yeah, Sony only delivered it to people just trying to listen to music.

        I sure (Insert Your Favorite Murderer Here) didn't manufacture the bullets he used to kill his victims either.

      • by NickFortune (613926) on Thursday November 10, 2005 @12:50PM (#13999294) Homepage Journal
        Remember: Sony didn't write the rootkit. They bought it from someone else.

        That sounds like you're letting Sony off the hook, but I don't think it works like that. I mean, suppose I were to sell you a poisoned soda and that as a result you nearly die. Would it matter if I bought the poison from someone else?

        Not to mention trying to conceal its presence and lying about its function.

        I think Sony stand to take a hiding over this one.

      • Remember: Sony didn't write the rootkit. They bought it from someone else.

        This makes no difference at all in their culpability, as I'm sure the Judge will explain to them.

        -jcr

    • by Fx.Dr (915071)
      Does this now mean that Sony is open to criminal negligence lawsuits as well?
  • Couldn't see this one coming from day one or anything.

    -Rick
  • Boycott Sony (Score:5, Interesting)

    by Winckle (870180) <mark@[ ]ckle.co.uk ['win' in gap]> on Thursday November 10, 2005 @12:18PM (#13998924) Homepage
    I recommend voting with our wallets, and not purchasing Sony/BMG products. Also see here [boycottsony.us]

    Also here [first4internet.com] is the company that created the DRM technology.
    • Notice how it's always the most pathetically shitty little software companies that make these things? You'd think Sony could field a good programming team to develop their DRM software. Instead, they subcontract to the worst that the field has to offer.

      They probably thought they could save some money, and are now facing class-action lawsuits. A classic example of penny-wise pound-foolish, as the Brits used to say.

  • by xlr8ed (726203) on Thursday November 10, 2005 @12:18PM (#13998925)
    You might want to add a couple of more zeros to the settlement check you are thinking about
  • by dada21 (163177) * <adam.dada@gmail.com> on Thursday November 10, 2005 @12:18PM (#13998926) Homepage Journal
    Irregardless of the existence of government, the natural rights of an individual cannot be given away (you can't sell yourself into slavery, you can't tell a higher power that it's ok to kill you). One such right is the right to private property, closed to others' prying eyes or presence.

    One great force behind this right is that past acts bear no allowances for future acts. If I let you into my house yesterday, you have no right to be here today. I may contractually allow you to come and go as you please, but I have to willfully sign the contract with witnesses noting the act.

    Sony's DRM uses government force (through copyright provisions) to settle its legality. They say that by using their property, you have to permanently give up your natural right to private property (free speech Statists wrongfully call it Right to Privacy). Sony is wrong.

    By violating numerous natural rights, Sony has opened itself to a demand for restitution. I wholeheartedly believe that corporate protections are wrong, as is copyright. My solution? Go after Sony through the shareholders directly (they own the business and allowed the breach of a basic human right). Demand restitution for the trojan if you receive it.

    Imagine if you buy a Saab and Saab has an agreement stating "If you turn the car on, you allow two Saab employees to ride in your trunk and search your house for proof you might install a non-Saab oil filter." You've signed nothing. The two Saab employees open your house door, take up residence and leave the door wide open. Two typical pro-copyright arguments: You're not allowed to install non-Saab oil filters or how else would Saab make money? Why would they design cars?

    This is the problem with copyright. Instead of individuals protecting proprietary information of value (books, music, etc) and producing it in the best way over anyone else (live shows, subscriptions to new music, etc), they say "copy us and government will use force against you."

    It's all wrong. Don't publicly say anything valuable to you. Don't think you can come in my home because you did once before. Don't think you can rape me because a note in your pocket says you're allowed to, and I let you in without checking your pockets.
    • A natural right to private property??? No. This is a LEGAL right - an artificial construct of an organized society. Interesting post all around. You had me right up until you said "irregardless."

      • The natural right to private property that you take an active role in maintaining and upgrading has been recognized for hundreds of years. Locke, George, and dozens of others have successfully debated it.

        Google [google.com] for some great links.
    • by Anonymous Coward
      Do not use irregardless . [getitwriteonline.com]
    • by jotok (728554) on Thursday November 10, 2005 @12:29PM (#13999053)
      I am with you on almost everything except this:

      One such right is the right to private property, closed to others' prying eyes or presence.

      To me, this doesn't seem as "self-evident" as the other rights (Life, Liberty, freedom to pursue happiness, etc.) in the D of C. But it does seem to make sense as a possible necessary qualification to achieve the other three: I could live, be free, and try to be happy without owning anything, but it might be exceedingly difficult.

      Just sayin'.

      (Also, "irregardless" is not a word)
    • Who grants the natural right to property?

      For example, I own the world. So I can go anywhere I please, including into 'your' home which is really mine.

      You might suggest that the state decides who owns what, and the state says you own your home. But if so, then they also have the power to decide what the limits on that ownership are, including the powers of copyright.

      If you rely on the force of the state to create property rights, then you pretty much have to go along with the whole legal system in determin
      • by Wylfing (144940) <brian@wyGAUSSlfing.net minus math_god> on Thursday November 10, 2005 @01:30PM (#13999800) Homepage Journal
        Who grants the natural right to property?

        This drives me insane. What are they teaching kids in school these days anyway? Natural rights are not granted. They are naturally yours because you are a human being. They can neither be granted nor taken away. That's why you cannot sign a contract (at least, you can't in the U.S.) that says "I agree to sell myself into slavery in exchange for $100." It's not enforceable, because you cannot sign away a natural right.

        Small rant: This complete lack of understanding of natural rights leads to a lot of rotten decision-making. As soon as you start thinking the state "grants rights" (it doesn't), you start thinking it's OK for the state to take them away (it's not). In fact, it's exactly the reverse. You grant powers to the state, and you can take them away. The government has powers only at your whim.

        • Here is a useful definition of "natural right" that might help people understand the natural rights perspective:

          natural right(n): A political condition required for the life of a morally autonomous being.

          A natural right, in this view, is to political or social life what the requirement for food, water or air is to physical life. I cannot say, "I relinquish my need for food" in any meaningful sense, because it is my nature to need food to live.

          Likewise, for a being whose mode of life
    • by iambarry (134796) on Thursday November 10, 2005 @12:39PM (#13999181) Homepage
      If I let you into my house yesterday, you have no right to be here today
      While you may be correct WRT US property laws, it seems to me that vampire rules call [imdb.com] for a vampire to have free rein over your house in perpetuity if they are ever invited in. Perhaps Sony is operating using Vampire law rather than US law?

      BTW - irregardless [reference.com]
    • by brunes69 (86786)

      Irregardless of the existence of government, the natural rights of an individual cannot be given away (you can't sell yourself into slavery, you can't tell a higher power that it's ok to kill you). One such right is the right to private property, closed to others' prying eyes or presence.

      This is crap. If I want to end my life, I should most certainly be allowed to give someone the right to kill me. It is *my* life, no one should have any say what I do with it but me. Same goes with the slavery question. M

    • Interesting post.

      One nit, Sony is almost certainly structured as a limited liability corp. specifically so that you can't go after the shareholders. Do you think that LLCs are wrong?

      In my opinion LLCs are very valuable because they allow ordinary people to invest in corporations without becoming personally, legally and financially responsible for that company's actions. While this certainly can have the effect of diffusing fault, I feel that this is outweighed by the positive economic impact of facilitati
    • by jd (1658) <{moc.oohay} {ta} {kapimi}> on Thursday November 10, 2005 @01:29PM (#13999778) Homepage Journal
      In some countries (such as Britain) there is no law of trespass. There is a law against breaking and entering, there is a law against causing damage and there are numerous privacy laws, but if you aren't causing a problem then your ancient (pre-enclosures act) rights cannot be abridged. Further, if there is a traditional, ancient right-of-way through your land, then you have absolutely no rights whatsoever to block, divert or otherwise interfere with that right-of-way. You may own the land on paper, but the land owns itself in many ways, in the eyes of the law.

      Furthermore, in most (if not all) countries, "land ownership" does NOT include mineral rights (which are arguably a significant part of the land) and can often be overruled or dismissed by the Government should they decide they can make better use of the land (5th Amendment in the USA includes this provision, I believe). As such, it is not really ownership and can - at best - be called borrowing from the State.

      There are countries in which private ownership of any kind simply isn't recognized at all. Everything is communal. Such societies don't seem to be any less rights-respecting than any other. Indeed, the USA - which has more codified rights than almost any other country - has one of the worst records of any country for actually honoring what is codified. Indeed, not only is it not honored, even when the courts rule against it, the US Government doesn't always respect those decisions. (The Sioux won in the Supreme Court to have the Black Hills revert to them - that was something like 40 or 50 years ago and the US Government is still refusing to honor the ruling.) Even when it does respect them, it has the power to replace any judge that rules against them (as threatened by DeLay over the Terri Schiavo case) which does damage any semblance of independence or impartiality.

      I do believe there are Natural Rights. I believe there is a Natural Right for any individual to be seen for oneself, that there is a Natural Right for any individual to improve their quality of life, that there is a Natural Right for any individual to hold to any beliefs they so choose, that there is a Natural Right for any individual or group to privacy and that there is a Natural Right for any individual or group to maximise potential and minimise harm.

      Most of these are what Republicans and Libertarians would consider obnoxiously socialist. The only way to maximise potential is to maximise the flow of information and to guarantee the practicalities of learning that information in a manner that is useful and usable. In other words, maximal quality education and minimal restraint on learning. In practice, if you're from a poor family in a poor area in the US, the only way to learn is to be good at sports or be in the military. Oh, and be male. Poor females in the US are left to rot, regardless. The only way to be good at sports in the US seems to be to take dangerous (and eventually lethal) drugs. Brain damage and other sporting injuries are pretty common. The US military is routinely accused of fraudulent claims in recruitment efforts, violent abuse (sometimes lethal) against recruits and persecution of non-Christians. Rape of females in the US military also appears to be a common complaint - and rarely investigated.

      Rights - Natural or otherwise - are only meaningful if enforceable. This is one reason the original version of the Magna Carta stipulated the right to seize (by force, if necessary) judicially-awarded compensation or enforce judicially-awarded rulings against the Government (in that case, the king). In other words, nobody - absolutely nobody - was above the law, and nobody could use executive privileges to abuse the law or anything else. Name me one country that has such a provision today. (No, the US impeachment procedure doesn't count. The current Congress wouldn't impeach Bush if he was caught red-handed in an act of treason, and the population at large has no impeachment rights. The UK's vote of no co

  • Holy cow. Knew it was coming though.
  • by matt me (850665) on Thursday November 10, 2005 @12:19PM (#13998938)
    "The response of anti-virus firms, some of which have only promised to flag up rather than block system changes made by Sony-BMG's rootkit, remains unclear. "
    Ooh fun to be had here. Sony are going to love this publicity.

    Ha ha. I have little respect for these companies who I see to be the same as those who four hundred years ago sold "herbs" to protect you from the plague. These ppl still profit from ppl's lack of knowledge.
  • Oh noes! (Score:5, Funny)

    by taskforce (866056) on Thursday November 10, 2005 @12:19PM (#13998939) Homepage
    Early reports indicate the IRC backdoor is used by the propagator of the virus to bombard you with random chat messages from #windowshelp. So far the most common phrases appearing are "how do i reformat" and "how do i download the internet?"
  • by HMC CS Major (540987) on Thursday November 10, 2005 @12:19PM (#13998940) Homepage
    Since there was some confusion about how you can tell if this rootkit is installed, remember that it hides files beginning with '$sys$' -

    1) If you're not using windows, you're fine.
    2) Create a file on your desktop ('test.txt' should be fine). Rename the file to '$sys$test.txt'.

    If the file is gone, you're vulnerable.
    • Since there was some confusion about how you can tell if this rootkit is installed, remember that it hides files beginning with '$sys$' -

      1) If you're not using windows, you're fine.
      2) Create a file on your desktop ('test.txt' should be fine). Rename the file to '$sys$test.txt'.

      If the file is gone, you're vulnerable.


      How about a "read-only" way?
      Boot with Knoppix
      At the command prompt:
      $ su bash
      # mkdir cdrive
      # mount /dev/hdc cdrive -o ro,noexec
      # find cdrive -name '$sys$*' -print

      Any hits? You got da SonySyph.
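Both checks above (renaming a file to a '$sys$' name and watching whether it vanishes, and scanning the disk from a clean OS with find) can be scripted. The following is an added example, not code from either poster, that implements both the live visibility probe and the offline prefix scan in Python. It assumes a scratch directory you may write to, and, for the offline scan, a copy of the suspect filesystem mounted read-only (the cdrive mount point above); the sample directory tree is constructed inside the script so it runs on its own.

```python
"""Checks for files cloaked by the XCP '$sys$' prefix rule (added example).

Assumes: a writable scratch directory for the live probe, and for the
offline scan a suspect filesystem mounted read-only from a clean OS,
so the cloaking driver is not loaded and every name is visible.
"""
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # prefix the XCP filter driver hides from Windows APIs


def probe_is_visible(directory: str) -> bool:
    """Live probe: create '$sys$probe.txt' and check whether a directory
    listing still shows it. On a host running the cloaking driver the
    name drops out of the listing; on a clean host it stays.
    Returns True when the file is visible (no cloaking observed)."""
    name = CLOAK_PREFIX + "probe.txt"
    path = os.path.join(directory, name)
    with open(path, "w", encoding="ascii") as fh:
        fh.write("probe\n")
    try:
        return name in os.listdir(directory)
    finally:
        try:
            os.remove(path)
        except OSError:
            pass  # a cloaked file may resist removal; leave it for cleanup


def scan_offline(root: str) -> list:
    """Offline scan: walk a filesystem mounted from a clean OS and report
    every entry whose name starts with the cloak prefix. Equivalent to
    the thread's  find ROOT -name '$sys$*' -print  but usable from any OS."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if name.startswith(CLOAK_PREFIX):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed sample of a mounted Windows volume: two '$sys$' files
    among benign ones. Built in a temp dir so the script runs offline."""
    root = tempfile.mkdtemp(prefix="xcp_sample_")
    os.makedirs(os.path.join(root, "WINDOWS", "system32"))
    os.makedirs(os.path.join(root, "Program Files"))
    sample_files = (
        ("WINDOWS", "system32", "kernel32.dll"),
        ("WINDOWS", "system32", CLOAK_PREFIX + "drv.sys"),
        ("Program Files", "readme.txt"),
        ("Program Files", CLOAK_PREFIX + "cache.dat"),
    )
    for rel in sample_files:
        with open(os.path.join(root, *rel), "w", encoding="ascii") as fh:
            fh.write("sample\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for hit in scan_offline(root):
        print("cloaked-prefix entry:", hit)
    print("probe visible on this host:", probe_is_visible(root))
```

The live probe only tells you about the host it runs on, and only if the driver is actually loaded; the offline scan is the stronger check because the filter driver cannot interpose when the volume is mounted from another OS, which is exactly why the Knoppix approach above is "read-only" in both senses.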
  • by JumperCable (673155) on Thursday November 10, 2005 @12:19PM (#13998946)
    I hear the trojan writer is also using an unusual distribution method. Ricky Martin CDs.
  • Evil? Yes. But there are uses! Not that it has any effect on my Mac or Ubuntu box...

    Well, I was debating buying a PS3 instead of a Nintendo Revolution. Not anymore!
  • by Tibor the Hun (143056) on Thursday November 10, 2005 @12:21PM (#13998967)
    Can anyone explain if this rootkit prompts for a password when installing (during the autorun, I presume)

    As an OS X user, I'd find it slightly odd that my music CD is prompting me for an administrative password.

    But to stay on topic, I'm sure this is but one of the many exploits that will be based on this rootkit.
    Does anyone have a comprehensive list of CDs that install it, and is it true that Sony has been using it since April?
    • No, because 99.975% of Windows users run as super users.

      On OS X, accounts marked as Administrators are really regular users who happen to have sudo powers, so you have to type in your password.

    • Can anyone explain if this rootkit prompts for a password when installing (during the autorun, I presume)

      Under Windows, when you're logged in as the administrator, you don't need any further password to proceed with, say, installing a rootkit. If you're a Home user, you can't give limited privileges, so you have no option, for the vast majority of crappily-written software, but to install it as an administrator (albeit with Spybot S&D and StartupMonitor running in the background to catch the seventee

    • OK, I've found a partial list, but according to the article SONY/BMG are not releasing a complete list:

      Trey Anastasio, Shine (Columbia)
      Celine Dion, On ne Change Pas (Epic)
      Neil Diamond, 12 Songs (Columbia)
      Our Lady Peace, Healthy in Paranoid Times (Columbia)
      Chris Botti, To Love Again (Columbia)
      Van Zant, Get Right with the Man (Columbia)
      Switchfoot, Nothing is Sound (Columbia)
      The Coral, The Invisible Invasion (Columbia)
      Acceptance, Phantoms (Columbia)
      Susie Suh, Susie Suh (Epic)
      Amerie, Touch (Columbia)
      Life of Ago
    • You know perfectly well that it does not.

      That said, on operating systems like OS X or Linux where the user is prompted for their password to make routine configuration changes, password fatigue is a common issue. I'm sure many people would enter it regardless ("oh jeez, another damn password prompt? go away ....").

      Also, for what it's worth OS X is hardly the pinnacle of security. There have been enough scary instant-code-execution problems in Safari (one within days of 10.4 being released) that I see no

    • by NSObject (250170) on Thursday November 10, 2005 @12:56PM (#13999361)
      It looks like there's an OS X version as well, but from a different source. Here's a reader comment from macintouch.com...

      Darren Dittrich followed up on the discovery that Sony was playing a dirty trick on its customers, secretly installing a malware-style "root kit" on their computers via audio CDs:

      I recently purchased Imogen Heap's new CD (Speak for Yourself), an RCA Victor release, but with distribution credited to Sony/BMG. Reading recent reports of a Sony rootkit, I decided to poke around. In addition to the standard volume for AIFF files, there's a smaller extra partition for "enhanced" content. I was surprised to find a "Start.app" Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.

      Personally, I'm not a big fan of anyone installing kernel extensions on my Mac. In Sony's defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP [xcp-aurora.com]), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology [sunncomm.com] on their site.
    • by _xeno_ (155264) on Thursday November 10, 2005 @12:59PM (#13999407) Homepage Journal

      Short answer: No, it just assumes you're running as an administrator, which is generally true.

      Much longer answer:

      Windows XP comes from two roots: Windows as a DOS shell, and Windows NT. Both of these operating systems encouraged running as Administrator, for a variety of reasons.

      Windows as a DOS shell is easy to explain, it was a single-user system, and therefore really had no security system in place at all. This single-user style persisted through to Windows ME, and is essentially "emulated" in Windows XP Home by having the users, by default, run as Administrators. (You can change them to regular users after creating new accounts, though.) By default, Windows XP Home doesn't require passwords on accounts - you just click on the user account you want to use, and you're logged in. So even making "less privileged" users isn't all that helpful. (I believe, by default, Windows XP Home DOES disable the built-in Administrator account, though.)

      Anyway, Windows NT is another story. Technically, an "Administrator" account is just a normal user account that just happens to belong to the Administrators group. Because Windows NT's security model is much more complicated than the Unix security model (and I'd argue much more robust), essentially the Administrators group is a group with all permissions set to "allow." (There is a super-user under Windows NT. It's called "SYSTEM" and it's essentially identical to root under Unix.)

      But anyway, Windows NT's security model is very complicated. Combined with no ability to "sudo" in Windows NT 4, most people who used NT just made themselves Administrators so that they didn't have to poke around the myriad of settings and ACLs to give them permissions to do whatever they needed to do.

      Windows 2000 added "Run As" which allows you to essentially "su" and switch to another account when starting a program. This meant that it would in theory be possible to administer a system from a non-privileged account, much like Mac OS X does.

      But the damage was already done. Most of the Windows software had been written for Windows 9x or assumed that you'd be an administrator under Windows NT. So attempting to run as a non-privileged account required constantly using the Run As feature to run the programs you needed to use as an administrator. (For a while, Winamp wouldn't run under a non-privileged account.) Of course, this meant that since most programs were running as administrator ANYWAY, you really weren't gaining much security.

      Now, with Windows XP Pro, this is starting to change. Microsoft now requires user programs to run on non-privileged accounts. It's much clearer where user-specific information goes. But the damage has been done. Windows XP Home defaults to an administrator account for all new accounts. Most people are used to not having to enter a password to change their system settings and don't understand the concept of a non-privileged account.

      So almost everyone using Windows is running as an administrator, and therefore there's no need to require a password to install a rootkit. They already have the permissions they require.

  • by hattig (47930) on Thursday November 10, 2005 @12:26PM (#13999019) Journal
    I don't know if they are selling these DRM encrusted music discs in the UK, but if they are, each and every one of them will be breaching the 1990 Computer Misuse Act, and in a way that the act does cover - namely it alters the system without your approval or knowledge. What is doubly sad is that the software was written by a British company. Still, makes it easier to sue them.

    Secondly, does this rootkit install even if you are logged in as a normal Windows user, not Administrator? That suggests a security hole in Windows. However I suspect the issue is Windows making users Administrator by default, which is a really dumb system, security wise.
  • Ahhh, Sony (Score:5, Funny)

    by PhilHibbs (4537) <snarks@gmail.com> on Thursday November 10, 2005 @12:26PM (#13999021) Homepage Journal
    It wouldn't be right if the day went by without a Sony Rootkit story on Slashdot. Seriously, I can't get enough of this story, it's what Slashdot was invented for.
  • by Anonymous Coward on Thursday November 10, 2005 @12:28PM (#13999041)
    Disappearing Rootkit Malware
  • by Anonymous Coward on Thursday November 10, 2005 @12:31PM (#13999081)
    Sony just loves everyone $sys$anally. They are the greatest company ever when it comes to technology $sys$that $sys$sucks. Everyone is gonna love $sys$to $sys$hate Sony, and they will $sys$not buy any Sony product that they see. It's because Sony loves $sys$to $sys$fuck $sys$with their customers.
    • Could it be?! Is "$sys$" the new "^H^H^H"?
      • Re:Fun with $sys$ (Score:4, Interesting)

        by meringuoid (568297) on Thursday November 10, 2005 @04:03PM (#14001628)
        Could it be?! Is "$sys$" the new "^H^H^H"?

        Probably. Since the Sony Rootkit is the big story at the moment, this thread will get read by a lot of people. That post went to +5, and it's got Slashdot memeicity all over it.

        I wouldn't use it as a straight drop-in replacement for ^H^H^H, though; that merely implies 'I nearly wrote this - whoops!' $sys$ conveys malevolence. So, for instance, if someone were to write

        We must invade Iraq to look for oil^H^H^HWMD

        would suggest that oil is at least part of the purpose of the invasion, and that it's just not diplomatic to mention it. A careless typo that reveals too much of what you're thinking. On the other hand

        We must invade Iraq to look for $sys$oil WMD

        would suggest that oil is the real purpose of the invasion, and that this is being deliberately hidden by a lot of bullshit about WMD. A subtext deliberately trojaned in and kept dark.

        Use the $sys$ prefix in place of ^H^H^H to lend a nastier, more malevolent tone to what it is you're editing out.

  • sony vs. microsoft (Score:3, Interesting)

    by doyoulikegoatseeee (930088) on Thursday November 10, 2005 @12:32PM (#13999095)
    so does this at all put sony in hot water with microsoft legally? perhaps this rootkit, trojan email or not, violates the windows eula.
  • by G4from128k (686170) on Thursday November 10, 2005 @12:34PM (#13999118)
    I've often wondered if non-users of product X can sue the maker of product X if said product causes a major disruption of the internet.


    If someone creates a worm that exploits a negligent design flaw in Sony's DRM or Microsoft Windows, then couldn't the affected sue Sony or Microsoft? This would include non-users of these products whose internet usage was disrupted. And as someone who does NOT use DRMed Sony CDs or Microsoft Windows, I have NOT agreed to these companies' EULAs with all their legalese of limited liability. Thus non-users may have more rights to sue than users of these products.

    IANAL. Any thoughts?

  • Are the IRC servers the bot connects to public? If so, has the staff of those networks been informed so that they can prevent the zombies from connecting? (Presumably by blocking port 8080 and/or gline anyone joining #sony)

    If the IRC servers are private, will the owners be investigated?

    Can we be just a little proactive in containing this?
    =Smidge=
  • Trojans, root kits? What's with all the talk about sex on /. these days?
  • Infected with DRM (Score:5, Interesting)

    by saskboy (600063) on Thursday November 10, 2005 @12:35PM (#13999131) Homepage Journal
    Here's the Slashdot crowd's chance to get the phrase invented by a Slashdotter out in the public eye. It's important that the public learn that DRM is a bad thing, and this is simply one way to tell them plainly how it is bad. DRM breaks their computer, or makes their life more difficult.

    "Infected with DRM"
            Sony's rootkit has also been linked to Windows crashes, which isn't surprising to me. Most spyware causes instability in Windows because it is poorly written and designed to break parts of Windows to protect itself from removal. Sony writes, "This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."
    The incongruence of their words is not startling to me, as they are playing a PR game to hide the fact that they messed up people's computers, and made them vulnerable to an attack that hasn't gained popularity yet, but now surely will. Virus writers will be able to easily hide their virus files using programs like Sony's cloaking DRM. Sony is lying that their cloaking DRM does not compromise security of an infected computer.
    http://www.informationweek.com/story/showArticle.jhtml?articleID=173601122 [informationweek.com]
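    One way to check a machine for the filename-prefix cloaking discussed in this thread, as an added example (not code from the original posts, nor from Sony or any vendor): create a control file and a file whose name begins with "$sys$" in the same directory, then compare what a directory listing returns. It assumes only that the cloaking filter hides names with that prefix from directory enumeration while leaving them reachable by full path; the probe file names are placeholders chosen here. On an uninfected machine (and on any non-Windows system) both files show up and "cloaking_suspected" is False.

```python
"""Probe for "$sys$" filename cloaking.

Added example, not code from the original thread. Assumptions: the cloaking
driver hides any file whose name begins with "$sys$" from directory listings,
but a direct open by full path still succeeds (which is how the hidden files
stay usable by the software that planted them). Probe file names are
placeholders chosen for this example.
"""
import os
import tempfile

CLOAK_PREFIX = "$sys$"  # the prefix the thread says Sony's driver filters


def probe_cloaking(directory: str) -> dict:
    """Create a control file and a "$sys$"-prefixed file in `directory`,
    then report whether a directory listing shows each of them.

    Returns a dict with the visibility of both files and a verdict:
    cloaking is suspected when the control file is listed but the
    "$sys$" file is not.
    """
    control = os.path.join(directory, "probe_control.tmp")
    cloaked = os.path.join(directory, CLOAK_PREFIX + "probe.tmp")
    for path in (control, cloaked):
        with open(path, "w") as fh:
            fh.write("cloak probe\n")
    try:
        listing = set(os.listdir(directory))
        control_visible = os.path.basename(control) in listing
        cloaked_visible = os.path.basename(cloaked) in listing
        # Access by full path bypasses directory enumeration, so this is
        # expected to stay True even where the listing hides the file.
        cloaked_openable = os.path.exists(cloaked)
    finally:
        # Remove the probes by full path regardless of what the listing showed.
        for path in (control, cloaked):
            try:
                os.remove(path)
            except FileNotFoundError:
                pass
    return {
        "control_visible": control_visible,
        "cloaked_visible": cloaked_visible,
        "cloaked_openable": cloaked_openable,
        "cloaking_suspected": control_visible and not cloaked_visible,
    }


def suspicious_names(names) -> list:
    """Given filenames obtained some other way (e.g. an offline scan of the
    disk from a boot CD), return those the filter would hide on the live
    system."""
    return [n for n in names if n.startswith(CLOAK_PREFIX)]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(probe_cloaking(d))
    # Constructed sample listing from an offline scan:
    print(suspicious_names(["notepad.exe", "$sys$drv.sys", "readme.txt"]))
```

    A positive result from probe_cloaking only says that something is filtering names with that prefix from enumeration; identifying which driver does it is a separate step. The second function is for comparing an offline listing of the disk against what the running system reports.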
  • because it should force the antivirus companies to release a rootkit removal tool/virus definition update covering this little bit of nastiness.
  • by dsands1 (183088) on Thursday November 10, 2005 @12:49PM (#13999286)
    Sony President Defends Rootkit
    The President of Sony BMG's Global Digital Business, Thomas Hesse, defends Sony's installation of a rootkit by declaring, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"

    Source [about.com]
  • Legality (Score:3, Insightful)

    by Jerk City Troll (661616) on Thursday November 10, 2005 @12:53PM (#13999324) Homepage

    If some bored teenager devised and distributed such a rootkit, he or she would be accused of costing businesses millions and thrown in jail for 10 years. Can someone explain to me why Sony is not getting prosecuted for "hacking" here? What makes them exempt (aside from whatever civil lawsuits are being brought against them)?

  • by Anonymous Coward on Thursday November 10, 2005 @12:57PM (#13999378)
    The sales manager at the company I work for recently received a variant of this worm, and after finding that the attachment "didn't do anything" forwarded it on to me to find out why. I extracted the attachment and analysed it in IDA and discovered that it connected to one of two IRC servers and joined a specific channel.

    So posing as the trojan I logged onto the IRC channel. I idled there for a while watching the channel op send commands to the connected bots, and decided to have a go myself. The channel was +m but I could PRIVMSG the bots, and a bit more work in IDA revealed the command set - which contained an unload command. So I scripted my irc client to send a msg to every non-op in the channel with the command .. suddenly they all quit and the room was empty except for me and the op.

    "OH SHIT" he typed. He was more shocked than anything, and then more curious than angry. We ended up having a rather long and interesting conversation about our respective jobs. He told me about his bot network, what he uses them for (in the UK it's for harvesting email addresses, apparently), the ££ he gets for it - it's a full time job for him - and who writes most of the bot software (his partner). He was no stereotypical teenage script kiddie either, more a computer professional turned to the 'dark side' of IT .. I felt quite akin to him in many ways.

    All in all, it was fascinating. (Btw, our firewall blocked the trojan from connecting to IRC and it was fairly easy to remove from the sales manager's laptop)
  • by Fujisawa Sensei (207127) on Thursday November 10, 2005 @12:59PM (#13999397) Journal
    Boycott isn't going to do squat to a company the size of Sony. If Sony BMG's profits actually go down, they'll just blame music pirates and file sharers. Then they'll get laws even worse than the DMCA passed. Everybody who gets trojaned with the help of Sony's rootkit needs to sue Sony.
  • by sizzzzlerz (714878) on Thursday November 10, 2005 @01:23PM (#13999713)
    Several years ago, Intuit infested your computer with their own DRM software when you installed their TurboTax software. Of course, the packaging said nothing about it but once it was discovered, the shit hit the fan. They first denied doing anything wrong, then when forced to admit the presence of this software, they insisted it did no harm to the owner's computer. Once again, their logic was that all buyers of the software were thieves and this was protecting their I.P. Finally, when sales of the product dropped sufficiently, they provided a mechanism to remove said DRM software, however, TurboTax would no longer run.

    The following year, all traces of this were removed in the next version and, afaik, it has never returned. I, for one, however, haven't bought their product since and don't plan to ever buy from them again.

    I guess Sony just wasn't paying attention.

  • by Esion Modnar (632431) on Thursday November 10, 2005 @02:15PM (#14000347)
    So far, I haven't seen any mention on the mainstream news about this. Maybe because it's too technical, but I think it's because CNN is a company of Time-Warner, and Time-Warner and Sony are fellow MPAA (and/or RIAA?) members. They (CNN) are great about covering the fluff. Count on them to down-play the stuff that hurts their business sleaze.
  • by Esion Modnar (632431) on Thursday November 10, 2005 @02:30PM (#14000509)
    I've tried mentioning this story to some of my non-geek friends, and their eyes just glaze over. I even try phrasing it like, "Sony put something on these CD's that just takes over your computer." They can't get it. The phone rings. The baby cries. Something interesting comes on TV. It's like their brain can't stay focused on the statement that a giant media conglomerate is trying to fuck with their computer, trying to fuck with them. I hate to say it, but these companies will eventually win, because the vast majority of people are so fucking clueless about this stuff, and firmly try to stay clueless. Fucking sheeple.
    • Let me phrase it for you. This worked on the people I support. I actually got a decent reaction.

      "Newer Sony CDs install a type of virus on your computer called a root kit."

      The word virus is the key. If the president of Sony doesn't have a clue what a root kit is, then let's cut the BS and use the right word. It is a VIRUS in the sense that it's the only term most normal people really "get" (I know, it isn't a virus as security people define it).
  • by artifex2004 (766107) on Thursday November 10, 2005 @03:17PM (#14001134) Journal
    Boycott Sony by refusing to cover the PS3, and encourage other websites to do the same. If they are denied all the prelaunch coverage they need to create a groundswell of demand, it will have real consequences for them, and they will pay attention.
