Sony CD Copy Protection Seems To Rely On Hacker Rootkit - InformationWeek
IoT
IoT
News
News
11/2/2005
04:05 PM
50%
50%
RELATED EVENTS
Faster, More Effective Response With Threat Intelligence & Orchestration Playboo
Aug 31, 2017
Finding ways to increase speed, accuracy, and efficiency when responding to threats should be the ...Read More>>

Sony CD Copy Protection Seems To Rely On Hacker Rootkit

Sony is apparently borrowing a tactic from hackers for its digital-rights management technology, and some security experts question the practice.

Security researchers have identified a rootkit -- software used by hackers to hide their malicious code from anti-virus and anti-spyware defenses -- within the copy protection scheme Sony BMG Music Entertainment uses to prevent music CDs from being copied to computers.

The digital rights management (DRM) technology that Sony BMG uses limits the number of times a CD can be "ripped" to a computer. To prevent the DRM software from being easily circumvented, the copy protection's creator -- a U.K.-based company called First4Internet -- uses a rootkit to hide the DRM's files.

An independent researcher, Mark Russinovich, and the Helsinki-based F-Secure security firm, published details almost simultaneously on the DRM technology Sony BMG uses, and that technology's application of a rootkit.

Both stressed that rootkits are most commonly used by malicious code writers -- hackers -- and the use of it by a legitimate company such as Sony was alarming, they warned.

"Once the rootkit is there, there's no direct way to uninstall it," said Mikko Hyppnen, F-Secure's chief research officer, in an online brief. "The system is implemented in a way that makes it possible for viruses (or any other malicious program) to use the rootkit to hide themselves. too. This may lead to a situation where the virus remains undetected even if the user has got updated antivirus software installed."

Russinovich, who stumbled across the rootkit after a long investigation that involved a number of advanced PC forensic tools, agreed. "Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall."

In fact, when Russinovich tried to uninstall the DRM software, all he got for his trouble was a dead CD drive.

"Most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," he said.

Removing the rootkit is so fraught with possibilities of calamity that F-Secure recommended users don't try it themselves. Instead, Hyppnen urged users to fill out a Sony BMG Web form and ask for instructions on how to remove the software. F-Secure has tested the resulting removal process -- which relies on the installation of an Internet Explorer ActiveX control -- and has confirmed it works.

According to one anti-spyware expert, Sony has no excuse for leaning on a rootkit to copy protect its content.

"Rootkits are always malicious," said Richard Stiennon, director of threat research for the Boulder, Colo.-based anti-spyware vendor Webroot. "There's no legitimate use of a rootkit, whose only purpose is to hide code from the operating system." Stiennon is intimately familiar with rootkits, since they're often by spyware writers to disguise some of their nastier work, like password keyloggers.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll