
November 16, 2005 3:52 PM PST

Attack targets Sony 'rootkit' fix

Sony BMG took another blow Wednesday, when a security company said it has found malicious attacks based on software designed to defuse the record label's "rootkit" problems.

Websense's security labs reported that it has discovered several Web sites designed to exploit security flaws in a rootkit uninstaller program issued by Sony BMG Music Entertainment. As reported earlier, some Sony CDs deposit rootkit-like code onto people's computers that leaves them open to attacks.

Websense has uncovered only a couple of Web sites set up to attack flaws in the initial uninstall program, and the damage they cause appears to be minimal so far. One of them, hosted in the United States, simply restarts infected computers.

"It's someone trying to make a point," said Dan Hubbard, senior director of security and technology research at Websense. "They could have done a lot worse."

Sony became embroiled in controversy earlier this month after the record label was discovered to be distributing secret code similar to a rootkit with certain music CDs as a copy-protection mechanism. Sony BMG recalled millions of these CDs on Tuesday, after viruses exploiting flaws in the rootkits began to appear.

The company also released programs to uninstall the rootkits, but the initial Web-based version has its own set of flaws, Princeton University computer science professor Ed Felten wrote in his blog Tuesday.

[Image: Web site attack page]

In the case of the U.S.-hosted malicious site, the attacker may have compromised the site without the owner's knowledge, Websense's Hubbard said. The site appears to be associated with Canada's version of the American Idol TV show. Websense also found the following message in the site's malicious code: "Sony DRM Christmas Gift." DRM stands for digital rights management, a type of copy-protection technology.

"Any user who has downloaded and run the Sony uninstaller program is susceptible to this attack," Websense said in a statement.

A Sony BMG representative did not immediately respond to inquiries about the alert.

However, in response to concerns about the security of its uninstall software, Sony has removed the program from its Web site, and promised to release another version soon.

"We currently are working on a new tool to uninstall First4Internet XCP software," the Sony site now reads. "In the meantime, we have temporarily suspended distribution of the existing uninstall tool for this software. We encourage you to return to this site over the next few days."

The flaw in Sony's uninstall software was based on an ActiveX program installed on hard drives, which allowed Web sites to run malicious code automatically in the Internet Explorer Web browser. Some security experts are advising people who think they might have used Sony's uninstall tool to use the Firefox Web browser, which does not support automatic ActiveX controls.

Princeton computer science professor Ed Felten and researcher Alex Halderman have created a page that tests whether a computer might be at risk as a result of running the uninstall tool.

CNET News reporter John Borland contributed to this story.


20 comments
Shit
by wazzledoozle November 16, 2005 4:45 PM PST
I ran the uninstaller to find that I didn't have the rootkit, I thought sonicstage (that came with my sony cd player) may have installed it.

****, any ports I could block?
Sony is evil AND incompetent
by llaitner November 16, 2005 5:02 PM PST
Boycott Sony
Boycott all that is SONY!
by heystoopid November 16, 2005 8:54 PM PST
The problem with the uninstaller/reinfection software is with the ACTIVE X switch being left on, so IE6, has its front, back, side and roof wide open to everything, when you surf the net! One cure, use either mozilla firefox or opera to surf the web, end of problem regarding the active X component. Another, is total system reinstall after hard drive wipe and clean. Further the problem with sony/F4i 'XCP' is that these discs are sold world wide! In a recent snapshot check of 9.9 million web surfers on 3 million DNS servers, Dan Kaminsky found, approximately 568,000, showing a unique signature to sony's DRM malware/nightmare! Interestingly, whilst all countries have infected machines, the report shows Japan has 200,000; USA has 130,000 and UK has 44,000, followed by the Netherlands and Spain with 27,000 and even Australia has some 8,000 infections as well. So the only real cure, is either manual disinfect shown by Mark Russinovich, or a complete hard drive wipe clean/format and reinstall from clean backup copies, create a user/administrator and thereafter disable windows, autorun step for all optical drives! Further it seems that some of the newer released Sony DVDs like the just released "Bewitched" marked copy protection, may have some form of strange DRM check program included for free to mess up windows core as well! The only true cure is Boycott all that is SONY from A-Z! A bankrupt SONY/BMG, will give the major remaining labels, the hint don't mess with the customers' computers or basic rights, for this is what happens if you do! Information to hand shows Sony electronics wholesale is now engaged in predatory illegal pricing tactics as well! Let the class action law suits and the criminal trespass to jail the corporate crooks responsible for this fiasco!, destroy SONY as a business/trading entity, and make the trademark worthless!
It's your choice, don't reward dishonesty, by purchasing any goods, manufactured by an entity that treats all end users as thieves!
What is infected?
by eupoth November 16, 2005 9:14 PM PST
I only have one product by Sony on anything except my Xbox.
This product is Star Wars Galaxies, by SOE. Is it possible for me
or anyone else to confirm that Sony has the copy protection
devices installed on my computer?

If so, I would appreciate an explanation of the removal
procedure, barring a total system sweep. I would also like to
know exactly what kind of infringement this is on Sony's part.
This sounds pretty illegal to me. I am going to read the license
agreement one more time, but I am intent upon setting this
right.
oops
by AlecWest November 16, 2005 11:17 PM PST
Many consumers have echoed the sentiments of some tech columnists who recommend a boycott of Sony CDs. One columnist even recommended boycotting ALL CDs since other manufacturers were considering similar measures. I agree with the Sony boycott approach but will extend that to ALL Sony products ... even films at theaters. It will be interesting to watch CD sales figures in the coming months. If sales take a nosedive, it will be that much harder to use piracy as an excuse if a significant boycott materializes. But this may have another effect. Sony/BMG artists who are approaching the ends of their contract periods might consider jumping ship to another CD conglomerate. It would be a survival issue for them if a boycott cut heavily into sales. What a mess. The executives behind this rootkit deployment need to be given their walking papers.
Boycott Sony, Boycott Blu-Ray
by anarchyreigns November 17, 2005 1:21 AM PST
Boycott Sony, boycott Blu-Ray. I was a Blu-Ray fan before this, now it's HD-DVD all the way baby.
Why Blu - Ray?
by NeverFade November 17, 2005 11:57 AM PST
maybe Sony supports it, but so do a lot of other big names!
boycott blu-ray? Over HD? Are you kidding me?

HD DVD has a fraction of space compared with Blu-ray, and blu-ray
has backwards capability - unlike HD.

I can understand not buying sony - but not supporting bluray
because of this is dumb.
doesn't vista support hd-dvd?
by thedreaming November 17, 2005 6:22 AM PST
Didn't microsoft just say that they're going to be supporting hd-dvd? That'll pretty much shove that standard down our throats anyway.

It's funny, I had a friend that had a sony music cd with drm and I almost allowed him to put it in my machine, but I stopped him before he got to do it.

We listened to the music through my dvd player hooked up to my dvd.
That's it Sony, no more of your DRM infested music
by bobby_brady November 17, 2005 8:17 AM PST
for me! Which means no more Sony products for me!
Don't Use IE At All, Not Just A Sony Issue
by Stating November 17, 2005 10:42 AM PST
Beyond Sony's incompetence in implementing DRM, this story illustrates that despite all the so-called security fixes from Microsoft for Internet Explorer it is still unsafe to use. ActiveX should be called ActiveHex. Dump IE for good and use other browsers like Firefox or Opera. Do not be conned yet again by Microsoft. Also, I'd like to see CNET do a test with Windows Vista/IE7 to see how it handles the Sony uninstaller. If it succumbs to the same ActiveX vulnerability then it is a stinging indictment to Microsoft's woeful lack of security.
How about
by royc November 17, 2005 11:00 AM PST
giving M$ time to fix IE7 before saying "DUMP IT!"

Yeah, right!!!
Sony Has NOT Pulled The Uninstaller
by Stating November 17, 2005 11:07 AM PST
I just downloaded the flawed uninstaller from sonybmg.com (11/17 11 A.M. PST) so Sony has lied yet again. CNET should have checked this out before taking Sony's word. The tool can be downloaded from
http://cp.sonybmg.com/xcp/english/updates.html. The .exe is dated 11/08/2005 version 1.0.1.14. Sony's statement reads:
"SOFTWARE UPDATES/ PLUG-INS
November 8, 2005 - This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. To alleviate any concerns that users may have about the cloaking component posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."

Additional info about Sony BMG:
CEO: ANDREW LACK
Sony music labels:
Arista Records
BMG Classics
BMG Heritage
BMG International Companies
Columbia Records
Epic Records
J Records
Jive Records
LaFace Records
Legacy Recordings
Provident Music Group
RCA Records
RCA Victor Group
RLG - Nashville
Sony Classical
Sony Music International
Sony Music Nashville
Sony Wonder
Sony Urban Music
So So Def Records
Verity Records
Is Blu-ray DRM a non-issue too?
by anarchyreigns November 17, 2005 4:55 PM PST
Is Blu-ray DRM a non-issue too? Look it up.
Sony and YOU
by Eskiegirl302 November 17, 2005 5:22 PM PST
Hello everyone,

I am glad that you all are interested enough to read this.

Today I was reading up on this sony problem again. This time in the washington post. Here is an excerpt from it that really caught my attention:

Sony BMG's latest moves have not erased its legal and public relations troubles. Last week, an attorney in California filed a lawsuit seeking damages for residents who bought the defective CDs, and on Monday, a lawyer in New York filed a nationwide class-action case against the company.

Mark Russinovich, chief software architect at Sysinternals, the security expert whose initial research into the anti-piracy program sparked the controversy, welcomed the class-action suits, saying withdrawal of the software wasn't enough.

"What I'm most concerned about is: If nothing serious happens to Sony that's visible to other companies, then we run the risk of this kind of thing becoming standard corporate behavior," Russinovich said.

This last paragraph says a mouthful. Ok, so now we had to deal with this crap from sony, but they may be only the tip of the iceberg. We as consumers need to use our backbones and show not only sony, what we think of this play that they seemed to think was "not so serious", but also as a warning to other companies who just might get it in their head to follow suit, that we are not going to stand for this sort of behavior.

Personally, this did not happen to me, but I do not condone this sort of thing from any company. To those that it did happen to, I hope that you get back the normalcy that you had before sony did this to you.

Stand strong together people and put sony where they belong--out of business. Do not buy anything from them or from any company affiliated with them. Phillips is one. Boycott them. This will get the bad apple out of the barrel and let all the other apples know what is gonna happen if they try something like this.

For the full story from the washington post newspaper the link is:

http://www.washingtonpost.com/wp-dyn/content/article/2005/11/16/AR2005111602242.html

Have a good day all

Esk
Virus 2.0! Cool!
by November 21, 2005 2:39 PM PST
"However, in response to concerns about the security of its uninstall software, Sony has removed the program from its Web site, and promised to release another version soon."

I don't want a new version of Sony's virus, I don't think anyone does, if Sony had any idea of how to even start to make things right, they would remove the software, 100% and try to win back the population that knows of their evil.
Sony a Hypocrite
by Elwood Blue January 31, 2007 12:33 AM PST
Sony invented and has promoted music sharing since
the 60s with everything from Vinyl records to 8 track reel to reel, cassettes, CD/DVDRWs including the software.
This is why we have antitrust laws, Sony should be forced to divest itself from 1 of these industries.
It's trying to control the entire dying market, with
lawsuits, malicious software and attacks on 3rd party software providers (check Lame dll)
Foreign Corporations running our lives.

Elwood Blue