Hackers use Sony anti-copy software to hide in PCs

Discussion in 'NZ Computing' started by GraB, Nov 11, 2005.

  1. GraB

    GraB Guest

    http://tinyurl.com/cnla7

    AMSTERDAM, Nov 10 (Reuters) - A computer security firm said on
    Thursday it had discovered the first virus that uses music publisher
    Sony BMG's controversial CD copy-protection software to hide on PCs
    and wreak havoc.

    Under a subject line containing the words "Photo approval", a hacker
    has mass-mailed the so-called Stinx-E trojan virus to British email
    addresses, said British anti-virus firm Sophos. When recipients click
    on an attachment, they install malware, which may tear down the
    firewall and gives hackers access to a PC. The malware hides by using
    Sony software that is also hidden -- the software would have been
    installed on a computer when consumers played Sony's copy-protected
    music CDs.


    Original story link:
    http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
    GraB, Nov 11, 2005
    #1

  2. GraB

    Shane Guest

    Mainstream media catches up

    It's only taken them a week..
    well.. it's only nzcity, but it's a step up
    http://home.nzcity.co.nz/news/default.asp?id=56663

    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
    Shane, Nov 11, 2005
    #2

  3. GraB

    thingy Guest

    Re: Mainstream media catches up

    Shane wrote:
    > Its only taken them a week..
    > well.. its only nzcity, but its a step up
    > http://home.nzcity.co.nz/news/default.asp?id=56663
    >


    Following the class action(s) should be interesting....how the hell they
    thought they could get away with it I don't know.....

    Now that there are trojans/virii the stakes are much higher....and the
    anti-virus companies seem reluctant to let their tools spot it let alone
    remove it.....could see yet another class action....

    "I bought the anti-virus product and it did not do its job..." the cash
    registers must be ringing at the lawyers.....

    regards

    Thing
    thingy, Nov 11, 2005
    #3
  4. GraB

    shannon Guest

    Re: Mainstream media catches up

    thingy wrote:
    > Shane wrote:
    >
    >> Its only taken them a week..
    >> well.. its only nzcity, but its a step up
    >> http://home.nzcity.co.nz/news/default.asp?id=56663
    >>

    >
    > Following the class action(s) should be interesting....how the hell they
    > thought they could get away with it I dont know.....
    >
    > Now that there are trojans/virii the stakes are much higher....and the
    > anti-virus companies seem reluctant to let their tools spot it let alone
    > remove it.....could see yet another class action....
    >
    > "I bought the anti-virus product and it did not do its job..." the cash
    > registers must be ringing at the lawyers.....
    >
    > regards
    >
    > Thing


    The global head of Sony BMG is quoted as saying on NPR:
    "Most people, I think, don't even know what a rootkit is, so why should
    they care about it?"

    I guess he is going to find out.

    After this breach of trust it will be a cold day in hell before I let
    any CD autorun or accept any installable players from any record company.

    Auto run can be defeated by using the Microsoft Powertoys TweakUI
    http://download.microsoft.com/downl...a6-b352-839afb2a2679/TweakUiPowertoySetup.exe

    Sony DRM CDs can be ripped with EAC and encoded with LAME just like any
    other CD.
    shannon, Nov 11, 2005
    #4
  5. Re: Mainstream media catches up

    shannon wrote:
    > thingy wrote:
    >
    >> Shane wrote:
    >>
    >>> Its only taken them a week..
    >>> well.. its only nzcity, but its a step up
    >>> http://home.nzcity.co.nz/news/default.asp?id=56663
    >>>

    >>
    >> Following the class action(s) should be interesting....how the hell
    >> they thought they could get away with it I dont know.....
    >>
    >> Now that there are trojans/virii the stakes are much higher....and the
    >> anti-virus companies seem reluctant to let their tools spot it let
    >> alone remove it.....could see yet another class action....
    >>
    >> "I bought the anti-virus product and it did not do its job..." the
    >> cash registers must be ringing at the lawyers.....
    >>
    >> regards
    >>
    >> Thing

    >
    >
    > The global head of Sony BMG is quoted as saying on NPR.
    > "Most people, I think, don't even know what a rootkit is, so why should
    > they care about it?"
    >
    > I guess he is going to find out.
    >
    > After this breach of trust it will be a cold day in hell before I let
    > any CD autorun or accept any installable players from any record company.
    >
    > Auto run can be defeated by using the Microsoft Powertoys TweakUI
    > http://download.microsoft.com/downl...a6-b352-839afb2a2679/TweakUiPowertoySetup.exe


    If you don't want to turn it off across the board, just hold down shift
    when you insert a CD
    Nathan Mercer, Nov 11, 2005
    #5
  6. Re: Mainstream media catches up

    In <437444cd$> Nathan Mercer wrote:
    > shannon wrote:
    >>
    >> The global head of Sony BMG is quoted as saying on NPR.
    >> "Most people, I think, don't even know what a rootkit is, so why
    >> should they care about it?" I guess he is going to find out. After
    >> this breach of trust it will be a cold day in hell before I let any
    >> CD autorun or accept any installable players from any record company.
    >>
    >> Auto run can be defeated by using the Microsoft Powertoys TweakUI
    >> http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-
    >> 839afb2a2679/TweakUiPowertoySetup.exe

    >
    > If you don't want to turn it off across the board, just hold down
    > shift when you insert a CD


    That works only as long as you always remember to hold the shift key
    down. If you forget just once...

    Mac users went through a similar problem years ago. When QuickTime 2.0
    came out it added an autoplay feature, which was basically the same as
    the Windows feature. Shortly after that the AutoStart 9805 worm was
    released. It infected a lot of Macs in desktop publishing businesses
    where it could be easily passed around on the large capacity removable
    disks in common use, and even made it on to at least one magazine cover
    CD-ROM. QT 2.5 introduced a user option to turn off autoplay, and most
    people kept it turned off. Because of this autoplay was never used much (
    I have never seen or even heard of a Mac disk with it), and it was
    dropped altogether from the Mac OS X version of QT.

    --
    Roger Johnstone, Invercargill, New Zealand
    http://roger.geek.nz/
    ________________________________________________________________________
    No Silicon Heaven? Preposterous! Where would all the calculators go?

    Kryten, from the Red Dwarf episode "The Last Day"
    Roger Johnstone, Nov 11, 2005
    #6
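Added example, not part of any post in this thread: a Python check of whether AutoRun is actually switched off for CD-ROM drives, instead of relying on remembering the Shift key. It assumes the setting being audited is the Explorer policy value `NoDriveTypeAutoRun`; the sample values are constructed.

```python
"""Audit whether Windows AutoRun is disabled for CD-ROM drives (added example)."""
import sys

# Explorer policy value that controls AutoRun per drive type (assumed audit target).
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"

# A set bit means AutoRun is DISABLED for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "other"}
CDROM_BIT = 0x20


def to_mask(raw):
    """Normalise a registry value (REG_DWORD int or REG_BINARY bytes) to 8 bits."""
    if raw is None:
        return None
    if isinstance(raw, (bytes, bytearray)):
        raw = int.from_bytes(raw, "little")
    return raw & 0xFF


def disabled_types(mask):
    """Names of the drive types for which this mask turns AutoRun off."""
    return {name for bit, name in DRIVE_BITS.items() if mask & bit}


def audit(hklm_raw, hkcu_raw):
    """Decide the effective policy from the machine and per-user values."""
    hklm, hkcu = to_mask(hklm_raw), to_mask(hkcu_raw)
    # Assumption (Microsoft's documented behaviour): the machine-wide value wins.
    if hklm is not None:
        source, mask = "HKLM", hklm
    elif hkcu is not None:
        source, mask = "HKCU", hkcu
    else:
        # Nothing configured: the OS default applies, so report "unknown".
        return {"source": None, "mask": None, "cd_autorun_off": None,
                "user_setting_overridden": False}
    cd_off = bool(mask & CDROM_BIT)
    # Failure mode: the user turned CD AutoRun off, but a machine value re-enables it.
    overridden = (source == "HKLM" and hkcu is not None
                  and bool(hkcu & CDROM_BIT) and not cd_off)
    return {"source": source, "mask": mask, "cd_autorun_off": cd_off,
            "user_setting_overridden": overridden}


def read_live():
    """Read both hives on a Windows host; returns (hklm_raw, hkcu_raw)."""
    import winreg  # Windows-only standard library module
    values = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                values.append(winreg.QueryValueEx(key, VALUE_NAME)[0])
        except FileNotFoundError:
            values.append(None)  # key or value absent
    return tuple(values)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real machine.
    samples = {
        "constructed: user disabled everything": (None, 0xFF),
        "constructed: machine value overrides user": (0x91, 0xFF),
        "constructed: binary value, CD off": (b"\xb5\x00\x00\x00", None),
        "constructed: nothing configured": (None, None),
    }
    if sys.platform == "win32":
        samples["this host"] = read_live()
    for label, (machine, user) in samples.items():
        result = audit(machine, user)
        off = sorted(disabled_types(result["mask"])) if result["mask"] else []
        print(f"{label}: {result} disabled={off}")
```
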
  7. GraB

    shannon Guest

    Re: Mainstream media catches up

    Roger Johnstone wrote:
    > In <437444cd$> Nathan Mercer wrote:
    >
    >>shannon wrote:
    >>
    >>>The global head of Sony BMG is quoted as saying on NPR.
    >>>"Most people, I think, don't even know what a rootkit is, so why
    >>>should they care about it?" I guess he is going to find out. After
    >>>this breach of trust it will be a cold day in hell before I let any
    >>>CD autorun or accept any installable players from any record company.
    >>>
    >>>Auto run can be defeated by using the Microsoft Powertoys TweakUI
    >>>http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-
    >>>839afb2a2679/TweakUiPowertoySetup.exe

    >>
    >>If you don't want to turn it off across the board, just hold down
    >>shift when you insert a CD

    >
    >
    > That works only as long as you always remember to hold the shift key
    > down. If you forget just once...
    >
    > Mac users went through a similar problem years ago. When QuickTime 2.0
    > came out it added an autoplay feature, which was basically the same as
    > the Windows feature. Shortly after that the AutoStart 9805 worm was
    > released. It infected a lot of Macs in desktop publishing businesses
    > where it could be easily passed around on the large capacity removable
    > disks in common use, and even made it on to at least one magazine cover
    > CD-ROM. QT 2.5 introduced a user option to turn off autoplay, and most
    > people kept it turned off. Because of this autoplay was never used much (
    > I have never seen or even heard of a Mac disk with it), and it was
    > dropped altogether from the Mac OS X version of QT.
    >


    If Sony can do this, I wouldn't trust coverdisks either.
    I think it's just become another regular Windows exploit.
    shannon, Nov 11, 2005
    #7
  8. In article <>,
    says...
    > Subject: Hackers use Sony anti-copy software to hide in PCs
    > From: GraB <>
    > Newsgroups: nz.comp
    >
    > http://tinyurl.com/cnla7
    >
    > AMSTERDAM, Nov 10 (Reuters) - A computer security firm said on
    > Thursday it had discovered the first virus that uses music publisher
    > Sony BMG's controversial CD copy-protection software to hide on PCs
    > and wreak havoc.
    >


    Could see that one coming from a mile off.

    Here's another funny one, from the comp.sys.ibm.pc.games.* hierarchy -
    people discussing how much of a p.i.t.a. copy protection on games can
    be, particular types of 'safedisk' that check for the presence of
    daemontools, alcohol et cetera - so the suggestion was floated to use
    the Sony rootkit to hide CD emulators from SafeDisk malware by
    exploiting Sony malware.

    It's kind of amusing, but in the end I'm just shaking my head. All that
    bloody effort, time and money that gets wasted on that shit ...

    -P.

    --
    =========================================
    firstname dot lastname at gmail fullstop com
    Peter Huebner, Nov 11, 2005
    #8
  9. Re: Mainstream media catches up

    On Fri, 11 Nov 2005 21:14:21 +1300, someone purporting to be Nathan Mercer
    didst scrawl:

    > shannon wrote:

    *SNIP*
    > If you don't want to turn it off across the board, just hold down shift
    > when you insert a CD


    I hope your bosses know you're in here breaking the DMCA, Nathan. You're
    advising people how to circumvent an "effective technical measure", and
    that's a no-no.

    What's scary is that I'm actually only very slightly taking the piss -
    mainly because you're in NZ. In the US you could get in real trouble for
    telling people this.
    What a fucked-up world this is :/

    --
    Matthew Poole
    "Don't use force. Get a bigger hammer."
    Matthew Poole, Nov 11, 2005
    #9
  10. GraB

    Not Dave Guest

    Re: Mainstream media catches up

    On Fri, 11 Nov 2005 22:27:48 +1300, shannon <> growled
    these words from under a rock:

    >Roger Johnstone wrote:
    >> In <437444cd$> Nathan Mercer wrote:
    >>
    >>>shannon wrote:
    >>>
    >>>>The global head of Sony BMG is quoted as saying on NPR.
    >>>>"Most people, I think, don't even know what a rootkit is, so why
    >>>>should they care about it?" I guess he is going to find out. After
    >>>>this breach of trust it will be a cold day in hell before I let any
    >>>>CD autorun or accept any installable players from any record company.
    >>>>
    >>>>Auto run can be defeated by using the Microsoft Powertoys TweakUI
    >>>>http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-
    >>>>839afb2a2679/TweakUiPowertoySetup.exe
    >>>
    >>>If you don't want to turn it off across the board, just hold down
    >>>shift when you insert a CD

    >>
    >>
    >> That works only as long as you always remember to hold the shift key
    >> down. If you forget just once...
    >>
    >> Mac users went through a similar problem years ago. When QuickTime 2.0
    >> came out it added an autoplay feature, which was basically the same as
    >> the Windows feature. Shortly after that the AutoStart 9805 worm was
    >> released. It infected a lot of Macs in desktop publishing businesses
    >> where it could be easily passed around on the large capacity removable
    >> disks in common use, and even made it on to at least one magazine cover
    >> CD-ROM. QT 2.5 introduced a user option to turn off autoplay, and most
    >> people kept it turned off. Because of this autoplay was never used much (
    >> I have never seen or even heard of a Mac disk with it), and it was
    >> dropped altogether from the Mac OS X version of QT.
    >>

    >
    >If Sony can do this, I wouldn't trust coverdisks either.
    >I think its just become another regular Windows exploit.


    Yep. Rootkits are the "next big thing" security-wise.

    And it's not just limited to Windows.
    Not Dave, Nov 11, 2005
    #10
  11. GraB

    Shane Guest

    Re: Mainstream media catches up

    On Fri, 11 Nov 2005 22:27:48 +1300, shannon wrote:

    > Roger Johnstone wrote:
    >> In <437444cd$> Nathan Mercer wrote:
    >>
    >>>shannon wrote:
    >>>
    >>>>The global head of Sony BMG is quoted as saying on NPR.
    >>>>"Most people, I think, don't even know what a rootkit is, so why
    >>>>should they care about it?" I guess he is going to find out. After
    >>>>this breach of trust it will be a cold day in hell before I let any
    >>>>CD autorun or accept any installable players from any record company.
    >>>>
    >>>>Auto run can be defeated by using the Microsoft Powertoys TweakUI
    >>>>http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-
    >>>>839afb2a2679/TweakUiPowertoySetup.exe
    >>>
    >>>If you don't want to turn it off across the board, just hold down
    >>>shift when you insert a CD

    >>
    >>
    >> That works only as long as you always remember to hold the shift key
    >> down. If you forget just once...
    >>
    >> Mac users went through a similar problem years ago. When QuickTime 2.0
    >> came out it added an autoplay feature, which was basically the same as
    >> the Windows feature. Shortly after that the AutoStart 9805 worm was
    >> released. It infected a lot of Macs in desktop publishing businesses
    >> where it could be easily passed around on the large capacity removable
    >> disks in common use, and even made it on to at least one magazine cover
    >> CD-ROM. QT 2.5 introduced a user option to turn off autoplay, and most
    >> people kept it turned off. Because of this autoplay was never used much (
    >> I have never seen or even heard of a Mac disk with it), and it was
    >> dropped altogether from the Mac OS X version of QT.
    >>

    >
    > If Sony can do this, I wouldn't trust coverdisks either.
    > I think its just become another regular Windows exploit.


    I caught this on /. yesterday,
    http://www.macintouch.com/#tip.2005.11.10.sony

    I recently purchased Imogen Heap's new CD (Speak for Yourself), an RCA Victor
    release, but with distribution credited to Sony/BMG. Reading recent
    reports of a Sony rootkit, I decided to poke around. In addition to the
    standard volume for AIFF files, there's a smaller extra partition for
    "enhanced" content. I was surprised to find a "Start.app" Mac application
    in addition to the expected Windows-related files. Running this app brings
    up a long legal agreement, clicking Continue prompts you for your
    username/password (uh-oh!), and then promptly exits. Digging around a bit,
    I find that Start.app actually installs 2 files: PhoenixNub1.kext and
    PhoenixNub12.kext.
    Personally, I'm not a big fan of anyone installing kernel extensions on
    my Mac. In Sony's defense, upon closer reading of the EULA, they
    essentially tell you that they will be installing software. Also, this is
    apparently not the same technology used in the recent Windows rootkits
    (made by XCP), but rather a DRM codebase developed by SunnComm, who
    promotes their Mac-aware DRM technology on their site.

    Basically, the Macs are getting stuff installed as well, it's just not as
    'offensive' and.. requires EULA

    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
    Shane, Nov 11, 2005
    #11
  12. GraB

    thingy Guest

    Re: Mainstream media catches up

    Not Dave wrote:
    > On Fri, 11 Nov 2005 22:27:48 +1300, shannon <> growled
    > these words from under a rock:
    >
    >
    >>Roger Johnstone wrote:
    >>
    >>>In <437444cd$> Nathan Mercer wrote:
    >>>
    >>>
    >>>>shannon wrote:
    >>>>
    >>>>
    >>>>>The global head of Sony BMG is quoted as saying on NPR.
    >>>>>"Most people, I think, don't even know what a rootkit is, so why
    >>>>>should they care about it?" I guess he is going to find out. After
    >>>>>this breach of trust it will be a cold day in hell before I let any
    >>>>>CD autorun or accept any installable players from any record company.
    >>>>>
    >>>>>Auto run can be defeated by using the Microsoft Powertoys TweakUI
    >>>>>http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-
    >>>>>839afb2a2679/TweakUiPowertoySetup.exe
    >>>>
    >>>>If you don't want to turn it off across the board, just hold down
    >>>>shift when you insert a CD
    >>>
    >>>
    >>>That works only as long as you always remember to hold the shift key
    >>>down. If you forget just once...
    >>>
    >>>Mac users went through a similar problem years ago. When QuickTime 2.0
    >>>came out it added an autoplay feature, which was basically the same as
    >>>the Windows feature. Shortly after that the AutoStart 9805 worm was
    >>>released. It infected a lot of Macs in desktop publishing businesses
    >>>where it could be easily passed around on the large capacity removable
    >>>disks in common use, and even made it on to at least one magazine cover
    >>>CD-ROM. QT 2.5 introduced a user option to turn off autoplay, and most
    >>>people kept it turned off. Because of this autoplay was never used much (
    >>>I have never seen or even heard of a Mac disk with it), and it was
    >>>dropped altogether from the Mac OS X version of QT.
    >>>

    >>
    >>If Sony can do this, I wouldn't trust coverdisks either.
    >>I think its just become another regular Windows exploit.

    >
    >
    > Yep. Rootkits are the "next big thing" security-wise.
    >
    > And it's not just limited to Windows.


    rootkits have been an issue for years....some of the up to date comments
    are, root kits are the next big issue on Windows boxes....there is no
    great acceleration seen in the issue for Unix/Linux.

    The trend of people buying macs is interesting...quite a few state it as
    a move to a more secure platform as their reason for switching.....

    regards

    Thing
    thingy, Nov 11, 2005
    #12
  13. GraB

    David Guest

    Peter Huebner wrote:
    > In article <>,
    > says...
    >
    >>Subject: Hackers use Sony anti-copy software to hide in PCs
    >>From: GraB <>
    >>Newsgroups: nz.comp
    >>
    >>http://tinyurl.com/cnla7
    >>
    >>AMSTERDAM, Nov 10 (Reuters) - A computer security firm said on
    >>Thursday it had discovered the first virus that uses music publisher
    >>Sony BMG's controversial CD copy-protection software to hide on PCs
    >>and wreak havoc.
    >>

    >
    >
    > Could see that one coming from a mile off.
    >
    > Here's another funny one, from the comp.sys.ibm.pc.games.* hierarchy -
    > people discussing how much of a p.i.t.a. copy protection on games can
    > be, particular types of 'safedisk' that check for the presence of
    > daemontools, alcohol et cetera - so the suggestion was floated to use
    > the Sony rootkit to hide CD emulators from SafeDisk malware by
    > exploiting Sony malware.
    >
    > It's kind of amusing, but in the end I'm just shaking my head. All that
    > bloody effort, time and money that gets wasted on that shit ...
    >
    > -P.
    >


    I think daemon-tools already uses similar methods to hide itself,
    rootkitrevealer found some of its registry keys etc.
    David, Nov 11, 2005
    #13
  14. GraB

    shannon Guest

    Re: Mainstream media catches up

    Shane wrote:
    > On Fri, 11 Nov 2005 22:27:48 +1300, shannon wrote:
    >
    >
    >>Roger Johnstone wrote:
    >>
    >>>In <437444cd$> Nathan Mercer wrote:
    >>>
    >>>
    >>>>shannon wrote:
    >>>>
    >>>>
    >>>>>The global head of Sony BMG is quoted as saying on NPR.
    >>>>>"Most people, I think, don't even know what a rootkit is, so why
    >>>>>should they care about it?" I guess he is going to find out. After
    >>>>>this breach of trust it will be a cold day in hell before I let any
    >>>>>CD autorun or accept any installable players from any record company.
    >>>>>
    >>>>>Auto run can be defeated by using the Microsoft Powertoys TweakUI
    >>>>>http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-
    >>>>>839afb2a2679/TweakUiPowertoySetup.exe
    >>>>
    >>>>If you don't want to turn it off across the board, just hold down
    >>>>shift when you insert a CD
    >>>
    >>>
    >>>That works only as long as you always remember to hold the shift key
    >>>down. If you forget just once...
    >>>
    >>>Mac users went through a similar problem years ago. When QuickTime 2.0
    >>>came out it added an autoplay feature, which was basically the same as
    >>>the Windows feature. Shortly after that the AutoStart 9805 worm was
    >>>released. It infected a lot of Macs in desktop publishing businesses
    >>>where it could be easily passed around on the large capacity removable
    >>>disks in common use, and even made it on to at least one magazine cover
    >>>CD-ROM. QT 2.5 introduced a user option to turn off autoplay, and most
    >>>people kept it turned off. Because of this autoplay was never used much (
    >>>I have never seen or even heard of a Mac disk with it), and it was
    >>>dropped altogether from the Mac OS X version of QT.
    >>>

    >>
    >>If Sony can do this, I wouldn't trust coverdisks either.
    >>I think its just become another regular Windows exploit.

    >
    >
    > I caught this on /. yesterday,
    > http://www.macintouch.com/#tip.2005.11.10.sony
    >
    > I recently purchased Imogen Heap's new CD (Speak for Yourself), an RCA Victor
    > release, but with distribution credited to Sony/BMG. Reading recent
    > reports of a Sony rootkit, I decided to poke around. In addition to the
    > standard volume for AIFF files, there's a smaller extra partition for
    > "enhanced" content. I was surprised to find a "Start.app" Mac application
    > in addition to the expected Windows-related files. Running this app brings
    > up a long legal agreement, clicking Continue prompts you for your
    > username/password (uh-oh!), and then promptly exits. Digging around a bit,
    > I find that Start.app actually installs 2 files: PhoenixNub1.kext and
    > PhoenixNub12.kext.
    > Personally, I'm not a big fan of anyone installing kernel extensions on
    > my Mac. In Sony's defense, upon closer reading of the EULA, they
    > essentially tell you that they will be installing software. Also, this is
    > apparently not the same technology used in the recent Windows rootkits
    > (made by XCP), but rather a DRM codebase developed by SunnComm, who
    > promotes their Mac-aware DRM technology on their site.
    >
    > Basically, the MAC's are getting stuff installed as well, its just not as
    > 'offensive' and.. requires EULA
    >


    Here's a great rant about the Sony Mac DRM
    http://www.pigdog.org/auto/software_jihad/link/2581.html
    shannon, Nov 11, 2005
    #14
  15. GraB

    shannon Guest

    Re: Mainstream media catches up

    Matthew Poole wrote:
    > On Fri, 11 Nov 2005 21:14:21 +1300, someone purporting to be Nathan Mercer
    > didst scrawl:
    >
    >
    >>shannon wrote:

    >
    > *SNIP*
    >
    >>If you don't want to turn it off across the board, just hold down shift
    >>when you insert a CD

    >
    >
    > I hope your bosses know you're in here breaking the DMCA, Nathan. You're
    > advising people how to circumvent an "effective technical measure", and
    > that's a no-no.
    >
    > What's scary is that I'm actually only very slightly taking the piss -
    > mainly because you're in NZ. In the US you could get in real trouble for
    > telling people this.
    > What a fucked-up world this is :/
    >


    They will have to sue Microsoft first, it's in their documentation.
    shannon, Nov 11, 2005
    #15