PDA

View Full Version : Sony CD copy protection scandal, be aware its still around



pultneytooner
15-Oct-06, 23:04
2005 Sony CD copy protection scandal was a public scandal dealing with Sony BMG Music Entertainment's surreptitious distribution of software on audio compact discs.

As a copy protection measure, Sony BMG included the Extended Copy Protection (XCP) and MediaMax CD-3 software on music CDs. XCP was put on 52 albums[1] and MediaMax was put on 50 albums.[2] This software was automatically installed on desktop computers when customers tried to play the CDs. The software interferes with the normal way in which the Microsoft Windows or Mac OS X operating systems play CDs, opens security holes that allow viruses to break in, and causes other problems. It is widely described as spyware.

As a result, a number of parties have filed lawsuits against Sony BMG; the company ended up recalling all the affected CDs; and greater public attention was drawn to the issue of commercially-backed spyware.
read more here:

http://en.wikipedia.org/wiki/2005_Sony_CD_copy_protection_scandal



this week i found a rootkit on my system you can see here what this can do and i had found it in a music album.

Name Potentially rootkit-masked files
Unique Code H9GUFFP6
Type System Monitor
Severity Critical
Description

Potentially rootkit-masked files is a monitoring program that secretly tracks all activities of computer users.
Characteristics

Potentially rootkit-masked files may monitor and capture your computer activity, including recording all keystrokes, e-mails, chat room dialogue, instant message dialogue, Web sites visited, usernames, passwords, and programs run. This program may be capable of taking screen shots of your desktop at scheduled intervals, storing the information on your computer in an encrypted log file for later retrieval. These log files may be e-mailed to a pre-defined e-mail address. This program can run in the background, hiding its presence.
Method of Infection

Potentially rootkit-masked files may be installed via other threats, such as music downloads and Trojan downloaders.
Consequences

This system monitor may allow an unauthorized, third party to view potentially sensitive information, such as passwords, e-mail, and chat room conversation. Additional Comments: It is recommended that you change all of your passwords after removing this program. If you bank online, you might consider changing your credit card and bank account numbers. You should also monitor your credit card and bank statements carefully over the next several months for signs of fraudulent activity.

blueivy
16-Oct-06, 09:47
2005 Sony CD copy protection scandal was a public scandal dealing with Sony BMG Music Entertainment's surreptitious distribution of software on audio compact discs.

I remember this scandal when it first hit the news. One of the issues with it is that they did without actually telling anybody! It was also on a number of other Sony albums, not just the first one where the rootkit was installed.

If I remember correctly, you can return your CD back to Sony and they will swap it for a unprotected one.

Rootkits are a pain to detect and an ever bigger pain to remove. If you get a rootkit on your system, on the whole it's actually easier to wipe and start again, not always but on the whole. They integrate themselves so nicely and hide themselves so well you're never sure if you've got it all! It can also be quicker to start again!

What software did you use to detect it?

pultneytooner
23-Oct-06, 18:53
I remember this scandal when it first hit the news. One of the issues with it is that they did without actually telling anybody! It was also on a number of other Sony albums, not just the first one where the rootkit was installed.

If I remember correctly, you can return your CD back to Sony and they will swap it for a unprotected one.

Rootkits are a pain to detect and an ever bigger pain to remove. If you get a rootkit on your system, on the whole it's actually easier to wipe and start again, not always but on the whole. They integrate themselves so nicely and hide themselves so well you're never sure if you've got it all! It can also be quicker to start again!

What software did you use to detect it?
Sorry for taking so long to reply.
Anyway, here's the website:

http://www.sysinternals.com/Utilities/RootkitRevealer.html

The free download is at the bottom of the page.

P'T

blueivy
23-Oct-06, 20:03
Sorry for taking so long to reply.
Anyway, here's the website:

http://www.sysinternals.com/Utilities/RootkitRevealer.html

The free download is at the bottom of the page.

P'T

Ahhh. I tried that some time ago and it found nothing. You inspired me to try it again and it still found nothing .. thankfully!

Niall Fernie
27-Oct-06, 14:45
A good way around this problem is to use something like SLAX to playback/rip your sony CDs. As its a portable linux distro the rootkit does not work or install. If you download the "Kill Bill" edition of SLAX you get CD ripping/burning tools preinstalled. Its also free which it good :)

www.slax.org (http://www.slax.org)

Edit: it was reading about this rootkit scandal in the first place that led me to SLAX.