Free Republic

First Trojan Using Sony DRM Spotted
The Register ^ | 11/10/05 | John Leyden

Posted on 11/10/2005 10:03:29 AM PST by steve-b

Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs.

Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory....

(Excerpt) Read more at theregister.co.uk ...


TOPICS: Technical
KEYWORDS: getamac; hacker; lowqualitycrap; malware; microsoft; rootkit; securityflaw; sony; spyware; trojan; virus; windows
To: TechJunkYard
Hmmm... apparently Sony/BMG discs can also install Mac kernel extensions. You guys aware of this?

Hmmmm... not good. I was not aware of this until you brought it to my attention. I will see what I can find out.

The one saving grace is that for Mac users, the administrator name and password is required before it is installed. At least, we know that something is being installed... not WHAT is being installed, but we have a chance to say no. If it turns out that Sony's intrusive software is otherwise innocuous for other than DRM, one can choose to accept it to listen to their music. . . if you trust Sony. I don't.

21 posted on 11/11/2005 9:38:04 AM PST by Swordmaker (Beware of Geeks bearing GIFs.)

To: Redcloak
The EULA doesn't mention the hidden software.

I haven't read the EULA myself but the site referencing a possible problem with Macs as quoted above by TechJunkYard, goes on to say:

In Sony's defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology on their site.

Perhaps they changed the EULA for the Mac community. I suspect that it is included in the PC version as well... the lawyers would be on top of this.

22 posted on 11/11/2005 9:47:20 AM PST by Swordmaker (Beware of Geeks bearing GIFs.)

To: steve-b
If you own Sony, sell before the lawsuits start....

Better yet, buy one of their new CDs and listen to it on your computer... then talk to your attorney. Get in on the ground floor with one of the lawsuits!

You, too, can own Sony...

23 posted on 11/11/2005 9:51:28 AM PST by Swordmaker (Beware of Geeks bearing GIFs.)

To: Swordmaker
I'm going by what Mark Russinovich posted in his blog. He writes...
As I’ve stated several times already, Sony’s rootkit hides the Digital Rights Management (DRM) files from users that have it installed, so users not monitoring the developments in this story are unaware of the scope and intrusiveness of the DRM. The End User License Agreement (EULA) does not provide any details on the software or its cloaking. Further, the software installation does not include support information and lacks a registration option, making it impossible for users to contact Sony and Sony to contact its users.

24 posted on 11/11/2005 10:27:55 AM PST by Redcloak (We'll raise up our glasses against evil forces singin' "whiskey for my men and beer for my horses!")

To: Question_Assumptions
How about blaming Microsoft for allowing software to be installed that can hide files from the OS?

This sort of thing has been going on for a long time. There's an undocumented registry key called "Super Hidden" which allows files to be hidden from Explorer, even if you have the option to show hidden files set to on. There were some variants of the Code Red virus that took advantage of this. The only way to see those files was to open a command prompt and do a "dir /a".

But believe me, there are ways to hide files in all OS, not just Windows. Heck, I used to hide files in unix all the time by just embedding backspaces into the file name, or using non-printing characters. The only way to see those file names was to do an octal dump of the directory!

Mark

25 posted on 11/11/2005 10:33:02 AM PST by MarkL (I didn't get to where I am today by worrying about what I'd feel like tomorrow!)

To: MarkL
I've used wildcard matches in Unix to find and get rid of files with odd names. A friend used to like to create directories with names like ".. " in Unix. The Mac OS X GUI seems to hide a lot of stuff, but it's generally visible in the terminal window using Unix tools.
26 posted on 11/11/2005 12:31:02 PM PST by Question_Assumptions

To: Question_Assumptions
I've used wildcard matches in Unix to find and get rid of files with odd names.

The cool thing is that if you embed backspace characters in the name, along with the character that suppresses the newline character (sorry, it's been too many years for me), the wildcard searches will show the file names, but they're backspaced too quickly to see! My favorite ways to hide information on a Unix system were to hide files and directories like this, as well as mounting empty (or "dummy") filesystems over directories.

Mark

27 posted on 11/11/2005 2:11:32 PM PST by MarkL (I didn't get to where I am today by worrying about what I'd feel like tomorrow!)

To: MarkL
the cool thing is that if you embed backspace characters in the name, along with the character that suppresses the new line character (sorry, it's been too many years for me), the wild card searches will show the file names, but they're backspaced too quickly to see! My favorite ways to hide information on a unix system was to hide files and directories like this, as well as mounting empty (or "dummy") filesystems over directories.

Given the 'ls' source, it would be trivial to patch it to be immune to such trickery (btw, if 'ls' lets escape characters through unfiltered, depending upon the terminal you use, a nasty person could take control of your account if you do an 'ls' in his directory).

28 posted on 11/11/2005 4:56:39 PM PST by supercat (Don't fix blame--FIX THE PROBLEM.)
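The name tricks discussed in posts 27 and 28 (backspaces and terminal escapes embedded in filenames, ".. " look-alikes) and the "$sys$" prefix from the article all leave a trace in the raw directory listing even when the display hides them. The following is an added example, not code from the thread or from any tool it mentions: it scans a set of directory entries, renders every control character visibly (the way ls -b does) and reports why an entry looks like a hiding attempt. The sample names are constructed here for illustration.

```python
import os
import unicodedata

# Constructed sample entries, not taken from a real system: the kinds of
# names the thread describes plus the prefix the Sony rootkit cloaked.
SAMPLE_NAMES = [
    "notes.txt",
    "secret" + "\x08" * 6,   # name followed by backspaces, vanishes on screen
    "\x1b[2Jevil.sh",        # terminal escape sequence (clears the screen)
    ".. ",                   # looks like the parent-directory entry
    "$sys$drv.exe",          # prefix hidden by the Sony DRM rootkit
    "report.pdf",
]


def escape_name(name: str) -> str:
    """Render a filename so every control/invisible character is visible."""
    out = []
    for ch in name:
        code = ord(ch)
        if code < 0x20 or code == 0x7F or unicodedata.category(ch) in ("Cc", "Cf"):
            out.append("\\u%04x" % code if code > 0xFF else "\\x%02x" % code)
        else:
            out.append(ch)
    return "".join(out)


def classify(name: str) -> list:
    """Return the reasons a name looks like concealment; empty if benign."""
    reasons = []
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        reasons.append("control characters")
    if "\x1b" in name:
        reasons.append("terminal escape sequence")
    if any(unicodedata.category(c) == "Cf" for c in name):
        reasons.append("invisible Unicode format character")
    if name.strip() in (".", "..") and name.strip() != name:
        reasons.append("dot-entry look-alike padded with whitespace")
    if name.lower().startswith("$sys$"):
        reasons.append("$sys$ prefix (cloaked by the Sony rootkit)")
    return reasons


def scan_names(names) -> dict:
    """Map each suspicious name (escaped for safe display) to its reasons."""
    return {escape_name(n): classify(n) for n in names if classify(n)}


def scan_directory(path: str = ".") -> dict:
    """Apply the same checks to the raw entries of a real directory."""
    return scan_names(os.listdir(path))


if __name__ == "__main__":
    for shown, reasons in scan_names(SAMPLE_NAMES).items():
        print("%r: %s" % (shown, ", ".join(reasons)))
```

Because the output is built from escape_name, nothing printed can reach the terminal as a raw escape sequence, which addresses the concern raised in post 28 about listing an untrusted directory.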

To: supercat
Given the 'ls' source, it would be trivial to patch it to be immune to such trickery (btw, if 'ls' lets escape characters through unfiltered, depending upon the terminal you use, a nasty person could take control of your account if you do an 'ls' in his directory).

Which is why the current directory ( '.' ) is NEVER in root's path! BTW, all you need is to set up a setuid script or C program, and that tactic is a great way to create a new admin account without the root user knowing about it. Or doing all sorts of other nefarious things.

Mark

29 posted on 11/11/2005 5:35:40 PM PST by MarkL (I didn't get to where I am today by worrying about what I'd feel like tomorrow!)

To: Redcloak
I'm going by what Mark Russinovich posted in his blog. He writes...

I'm not defending Sony... just it is now time for us all to start carefully reading those damn EULAs!

30 posted on 11/11/2005 10:10:07 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)