BOClean and Sony DRM Rootkit

In a previous thread was posted a little bit about BOClean and the Sony DRM Rootkit.
Thread :
https://www.wilderssecurity.com/showthread.php?t=106216

First, let's do again a search in the BOClean Covered Trojans List for Sony:
At the moment we get:
7408. SONYROOTARIES
7409. SONYROOTDRM
7410. SONYROOTDROP
7411. SONYROOTKIT9X
7412. SONYROOTKITXP
7413. SONYROOTUPG
See also : http://www.nsclean.com/trolist.html

=====

Kevin has recently started a thread at DSLR/BBR-security-forum :
Microsoft will wipe Sony's 'rootkit' and more
http://www.dslreports.com/forum/remark,14802823

A most interesting thread !!!
A thread discussing both legal and technical stuff.

The thread is about :
1. BOClean (which is in some way in an unique position as there is no trial version for it and in some way it might be considered as a "private club").
2. whether yes or no a free utility will be published.
3. all kinds of legal stuff.
4. all kinds of technical stuff.
5. etc. etc. etc.

I would really advice everyone interested to read it.

Maybe more to come.......

 

Can I say **** Sony?
Even MS has released a patch for this nasty sayiny it violates the Windows Core.

I would think this is Mr Gates last chance to prove he is for the underdog.


This is my last statement on this subject.

controler

 

Ok here is what I am trying to say again. This is a MS issue...... Over?

It boils down to Sony messing with the core of Windows, not any copy crap.

here is the question,,, How far in bed is MS with Sony?

This is going to get ugley LOL


controler

 

Just because Sony lets you decide if you want to install it's crap realy does not mean a thing. They are rooting the heart of Windows which is a CHRIME

isn't that enough?

Bill? don't you finaly want some revenge?

controler

 

Err....Sony doesn't let you decide if you want to install this crap. The MOMENT you insert an infected CD, your computer is rooted (unless you are running DiamondCS's full Process Guard (not free version) with "block rootkit installation..." checked or you are running BoClean. Otherwise, you are rooted BEFORE you have a chance to read the Eula. Even if you decline the Eula, you are STILL rooted. The Sony software does NOT remove itself if you decline the Eula. In my mind, this makes Sony guilty of deliberate malice and actionable under criminal law (as well as civil).

The truly ironic thing here though is that, under the law, you become a criminal if you remove the rootkit and Sony can sue you. Plus, under the law, you are not allowed to reformat or reimage your computer after the Sony rootkit is installed. This is true even if you declined the Eula. This is why NO vendor, including Microsoft, has made a tool to remove the entire rootkit. Microsoft is the only vendor honest and clear about it but even they evidently care more about their billions of dollars than they do about their own core code being taken over by Sony. Microsoft's tool will remove only a PORTION of the rootkit(s) (there are five of them). It will leave INTACT the wire tap portion so that Sony can continue to eavesdrop on any communication between your computer and your optical drive.

 

Hello,
Whence this information?
Mrk

 

In Kevin's thread at dslreports that Fanj links to in the first post in this thread. Everyone should read that thread.

Also, Wayne posted in this thread and confirmed that Process Guard blocks it.
http://www.dslreports.com/forum/remark,14783337#14783337

 

Hello,
Read it, thank you very much, good thread.
It's so infuriating, the legislation in USA. Smacks of pure capitalism.
It all comes down to what the big guys with money want. No one cares about artists and their music. They only care about money ....
Mrk

 

The latest posts in the thread are so shocking that it boggles the mind.


"More Sony Problems to Be Revealed

Several groups of privacy and security experts are expected to release research later today that points to multiple, serious security flaws present in "XCP," the anti-piracy software used on an undisclosed number of Sony BMG music CDs. (For the record, Security Fix observed that experts were busily searching for such flaws shortly after this whole fiasco began).

According to details provided by prominent security researcher Dan Kaminsky, the resulting public outcry could make Sony feel like the last two weeks of consumer backlash were a walk in the park.

Kaminsky wil be unveiling research that indicates just how many computer networks have Sony's anti-piracy software installed on them. Kaminsky declined to be more specific, but numbers referenced in a class-action lawsuit filed Tuesday in New York against Sony and XCP maker First4Internet indicate that Sony sold approximately 3 million music CDs carrying the software.

"The net effect is that it's not in doubt that Sony has created a major security event on the Net," Kaminsky said in an online chat last night.

But wait, it gets ... er ... better. The researchers discovered a security flaw in XCP (which stands for "extended copyright protection") that could afford attackers a window through which to break into computers running the software and install additional software or viruses.

Kaminsky told me that one of the researchers involved in the investigation is Edward Felten, a professor of computer science and public affairs at Princeton University.

And indeed, Felten's blog -- Freedom to Tinker -- hints as to the research he will release tomorrow along with Alex Halderman, a Ph.D. student at Princeton whose research includes digital rights management technologies, including SunnComm Technologies, a different anti-piracy program used by other Sony titles :

"Alex Halderman and I have confirmed that Sony’s Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony’s Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit. ... In the meantime, we recommend strongly against downloading or running Sony’s Web-based XCP uninstaller."

(The name of Felten's blog is a nod to his prior high-profile legal dust-up with the entertainment industry over alleged violations of the Digital Millennium Copyright Act.)

I tried to contact Felten earlier today, and no doubt he was too busy with this research to grab the phone. I contacted Halderman by e-mail, who confirmed that "the uninstaller can create even worse problems than" those created by the anti-piracy software itself. Halderman said further details would be available on Felten's site later today.

One of XCP's most alarming traits for security researchers has been its ability to hide not just its own files on a user's PC but also those of any other files, viruses or worms that follow the program's file-naming rules -- hidden so well that even antivirus programs can't find it.

Last week, about the same time that someone mass-spammed several versions of a virus designed to take advantage of XCP's file-hiding abilities, Sony issued a "patch" to help users remove the file-hiding function. (The patch did not uninstall the program itself, which resists removal so effectively that security researchers have equated it to a "rootkit".)

But according to research to be presented tomorrow, that very same patch Sony issued to help close the security hole exposed by its software actually introduces additional security flaws.

While exposing oblivious users to additional risks when someone or something has already compromised their computer is in itself inexcusable, opening that user's system to backdoor security flaws and then paving the way for attackers to install whatever they please without fear of detection or removal is unconscionable.

Imagine the potential consequences of military personnel or government employees at work on a sensitive government network popping one of these CDs into their computer to listen to their favorite Sony-label music artist. If only half of this research turns out to be supported by the broader security community, Sony is about to find itself in big-league legal trouble."

http://blogs.washingtonpost.com/securityfix/2005/11/multiple_securi.html

 

Interesting stuff indeed.

Does the government fall under tha same laws as the rest of us?

If Sony's eula says you can't reformat or remove the rootkit, does remove mean replacing a bad hard drive. One that accidently got hit by a hammer? LOL

Going to be fun to see what other companies are using for protection, we don't know about ey?

controler

 

Hi,
I don't see why people are so afraid of tiny beaurecratic clausules. People have every right to do whatever they want with their computers. WHATEVER they want. The fact the US "legal" bodies are trying to brainwash people into believing otherwise does not change the truth. If a burglar comes to your house, you have every right to do anything you like in your defense. Plain and simple.
They don't like piracy, now, do they? But I don't hear them complain about the same Internet, the double-edged sword which opened the world to these companies and boosted their revenues by hundreds of percents in the late 90s. But now, that they are earning less (not losing just earning less) all of a sudden the Internet is an evil place of household pirates.
People need to stop playing nice. Sony violated us like Cossacks. It's time to fight back. Total boycot. Hundreds of thousands of civil lawsuits. What are they going to do?
And I don't see how there can be any sort of doubt at all. People agree to EULA. Things NOT mentioned in the EULA get installed. End of argument. Time to kick ass.
Mrk

 

I would personaly like to thank Mark for not thinking I was a total wierdo

When I said Rootkits are here and some big companies use them.

Thanks Mark

Bruce

 

Would like to say thanks to Jan

And Kevin

Bruce

 

Would programs such as, and specifically, UnHack Me, and Snoopfree not warn of them, and prevent the install?
Thanks,
Jerry

 

JerryM

Yes for the most part they would.


Proactive is the key.


controler