# Sony/BMG CD's hack your computer!



## Chris Blount (Jun 22, 2001)

Texas Sues Sony BMG Over CD Rootkit 
By Nate Mook, BetaNews

Texas Attorney General Greg Abbott announced Monday that he has filed suit against Sony BMG over the use of illegal spyware in its copy-protection mechanism that gained national attention earlier this month.

Abbott also disputed Sony's claims that it had recalled all affected CDs, saying investigators were able to purchase "numerous titles at Austin retail stores as recently as Sunday evening."

The lawsuit notes that Sony's software uses a rootkit "cloaking" technique to hide itself from users and prevent its removal. Abbott says the DRM remains active at all times, even when Sony's media player is not active, which has led to concerns about its true purpose.

*More*


----------



## ntexasdude (Jan 23, 2005)

Pathetic. Sony is one of those companies you love sometimes and hate sometimes. There are some very in-depth articles on this fiasco at Electronic Frontier Foundation.


----------



## DonLandis (Dec 17, 2003)

I've been following it too. An easy solution for this is to just avoid buying Sony Music CD's or Sony Movie DVD's that you will play on your computer.


----------



## kc1ih (May 22, 2004)

This is a good reason for buying a Mac. Mac OS X will not let anything be installed (unless it’s by drag and drop) unless you enter your password.


----------



## ntexasdude (Jan 23, 2005)

DonLandis said:


> I've been following it too. An easy solution for this is to just avoid buying Sony Music CD's or Sony Movie DVD's that you will play on your computer.


Agreed, just remember to check the fine print on the cd or dvd box for the disclaimer. One problem is if you order online you don't get a chance to inspect the packaging.

A few years ago Sony actually released a few music titles that could actually physically damage your cd drive if you attempted to play it in your computer. PC World ran several articles on it. I have been very wary of Sony ever since.

For anyone interested in following the whole piracy/antipiracy issue the www.eff.org web site is a treasure trove of great information.


----------



## n8dagr8 (Aug 14, 2004)

kc1ih said:


> This is a good reason for buying a Mac. Mac OS X will not let anything be installed (unless it's by drag and drop) unless you enter your password.


It's even harder with Linux!


----------



## BobMurdoch (Apr 24, 2002)

I had bought the Sarah McLachlan Bloom Remix CD which evidently had this. I refused to allow it to install when I saw the screen popup (I'm glad I did). I ran the program that supposedly removes the offending code, and it said I didn't have it installed, so I guess I'm safe.


----------



## DonLandis (Dec 17, 2003)

Not necessarily. From several hacker geeks, the EULA statement is passive and doesn't actually stop the loading of the rootkit. I did read where there was a specific test you can do to test if the code was installed but don't recall the details. It involved renaming a common file exe to the rootkit's default files and then try to remove that and it automatically tells you the files don't exist because it would cloak the file. The only way these hackers were able to rid the files from the OS was to reformat the drive and reinstall. What Sony did is unforgivable and if you all know what's best you will boycott their media. I hope they lose big time in the suit as well. It's bad enough they are into my wallet with all the Sony stuff I buy each year but they can stay out of my computer!


----------



## ntexasdude (Jan 23, 2005)

Spot on Don. From what I've read on the EFF web site you're pretty much screwed the second you insert the CD in the drive. Double damned if you accept the EULA and damned if you don't. Apparently removing it is a joke too. Yeah it removes the software but it secretly opens up ports and leaves hidden components installed so the thieves may steal you blind because you left them a key to the front door. Maddening!


----------



## Steve Mehs (Mar 21, 2002)

This is one of the reasons I bought a grand total of 4 prerecorded commercial audio CDs in my life.

One thing I've been wondering is are you forced to install this software in order to play the CD, as in you can't cancel the install and play with Winamp or Windows Media Player or the CD player app in older versions of Windows. I can't count how many DVDs I have that when you insert them ask you to install the Interactual Player or whatever that software is, but I cancel and use Power DVD.


----------



## ntexasdude (Jan 23, 2005)

Interactual is a nifty little piece of software that unlocks hidden features on certain cd's and invites you to visit special "members only" interactive web sites. By many definitions it's also spyware. Read the EULA carefully or just don't install it. It also comes on many dvd's.


----------



## invaliduser88 (Apr 23, 2002)

Steve Mehs said:


> This is one of the reasons I bought a grand total of 4 prerecorded commercial audio CDs in my life.
> 
> One thing I've been wondering is are you forced to install this software in order to play the CD, as in you can't cancel the install and play with Winamp or Windows Media Player or the CD player app in older versions of Windows. I can't count how many DVDs I have that when you insert them ask you to install the Interactual Player or whatever that software is, but I cancel and use Power DVD.


Correct me if I'm wrong, but in most cases wouldn't disabling autoplay in Windows pretty much keep the CD from installing its nasty little secret. Then just run up Media Player/Winamp/Whatever and play the CD normally.


----------



## ntexasdude (Jan 23, 2005)

The first thing I do on any computer I use is disable autoplay. A few years back I put a music cd in and WITHOUT a single mouse click from me it installs some garbage software and put an icon on my desktop. I was some kind of mad.

Invaliduser, disabling autoplay is what EFF recommends but I really don't know if it will prevent the software install. I'll see if I can find out or maybe someone else knows.


----------



## BobMurdoch (Apr 24, 2002)

I ran McAfee Managed VirusScan AND the file that Sony put on its website to delete the offending data, and they both said that it wasn't present (unless Sony has cloaked it from itself??????)


----------



## DonLandis (Dec 17, 2003)

invaliduser- Thus the reason for the suit- It installs regardless of your intent, just by inserting the CD or DVD will do its cloaked installation. I understand that another suit was filed yesterday in California on this. Our local paper had an article on it that in addition to the Sony reporting, it locks open a port on your router that allows any hacker to sneak past as well and gain access to your system. I didn't read the details of that but apparently this is some serious stuff and if you think you are safe after inserting a Sony CD or DVD, better reformat your drive and reinstall from your backup media before using those Sony CD's.


----------



## HIPAR (May 15, 2005)

It hides files or directories starting with $sys$. Evidently, if you have a program called RootkitRevealer you can see if this nasty has found its way onto your computer.

http://www.sysinternals.com

You must know intimate technical details of your operating system and need special software to remove it. The Symantecs of this world did not spot it before tens of millions of 'Little Suzies' clicked 'I Agree'.

There should be laws to stop this sort of thing but the laws that have been passed, like the Digital Millennium Copyright Act, protect the big corporations and do not concede an individual's digital rights.

Sony will probably win in court by contending the US Congress has given them permission to protect their copyrights!

--- CHAS


----------
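Added example, not part of any post in this thread: a small cross-view probe for the `$sys$` hiding behaviour described above, in the spirit of the rename test DonLandis recalls. It writes a `$sys$`-prefixed probe file and a control file, then reports any probe that exists by full path but is missing from the directory listing. The probe file names and the `filtering_lister` stand-in are constructed for illustration, and the check assumes a hidden file is still reachable by its full path.

```python
import os
import tempfile

PREFIX = "$sys$"  # name prefix the thread says is hidden from listings


def cloaked_names(directory, lister=os.listdir):
    """Return probe files that exist on disk but are absent from the listing."""
    probes = [PREFIX + "canary.txt", "control_canary.txt"]
    for name in probes:
        with open(os.path.join(directory, name), "w") as fh:
            fh.write("probe")
    try:
        listed = set(lister(directory))
        # A probe that is still reachable by its full path but missing from
        # the enumeration is being filtered between the disk and the caller.
        return [n for n in probes
                if os.path.exists(os.path.join(directory, n)) and n not in listed]
    finally:
        for name in probes:
            os.remove(os.path.join(directory, name))


def filtering_lister(directory):
    """Constructed stand-in for a hooked directory listing (simulation only)."""
    return [n for n in os.listdir(directory) if not n.startswith(PREFIX)]


def run_demo():
    """Run the probe against the real listing and against the simulation."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = cloaked_names(tmp)
        simulated = cloaked_names(tmp, lister=filtering_lister)
    return clean, simulated


if __name__ == "__main__":
    clean, simulated = run_demo()
    print("real listing hides:", clean)
    print("simulated filter hides:", simulated)
```

If the control file is also missing from the listing, the cause is something other than prefix-based hiding.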



## ntexasdude (Jan 23, 2005)

Sony may indeed win but it's a giant public relations black eye. Hopefully the word will spread about this and people will get mad and quit buying their cd's. It could very well come back to bite them in the butt.


----------



## BobMurdoch (Apr 24, 2002)

More importantly, the shtstorm it kicked up should dissuade other publishers from trying a similar stunt. In the iTunes era are THAT many people still stealing music?


----------



## Steve Mehs (Mar 21, 2002)

Yep. I use Limewire religiously. I turn on XM or Sirius, I like a song I type it into Limewire and in 30 seconds or less it’s on my hard drive about to be uploaded to my iPod, including a lot of rare tracks. Other than 4 CDs and 4 DVD-As, I have not paid a dime in my life for music. Before CD burners I’d sit with my little boom box and record songs off the radio.

The closest thing I ever got to legal downloads of music was a free trial of Napster. There were a few songs I couldn’t find on Limewire so I downloaded from Napster and played them back while using a third party app to record the music right off my sound card, thus creating a totally new file and getting around the protected file BS so I could play them back when I canceled.

I have no problem paying $25 for a DVD-A title but will not buy CDs or pay for downloads.


----------



## SimpleSimon (Jan 15, 2004)

n8dagr8 said:


> kc1ih said:
> 
> 
> > This is a good reason for buying a Mac. Mac OS X will not let anything be installed (unless it's by drag and drop) unless you enter your password.
> ...


Isn't OS X Linux?



invaliduser88 said:


> Correct me if I'm wrong, but in most cases wouldn't disabling autoplay in Windows pretty much keep the CD from installing its nasty little secret. Then just run up Media Player/Winamp/Whatever and play the CD normally.


Yup.


----------



## DonLandis (Dec 17, 2003)

I heard a news bit today that Sony is retracting their position now on the rootkit and will stop the stealth install on computers playing their CDs and DVDs. Also, EFF is saying that Sony needs to do a world wide recall of all products that were built this way and compensate people who bought and got infected with their spyware. If Sony is forced to do this, what about all their media in the rental stores and the systems they hacked into from rental DVD's?

To Macheads everywhere- Here's my response- KMA, my sliderule doesn't even crash! I'll continue to use my PCs and I don't need to play Sony media on them.

FYI- _"MacInTouch reports claims by a reader who recently purchased a Sony BMG CD. The reader found that the CD installs a Mac application, "Start.app" which itself installs two files: PhoenixNub1.kext and PhoenixNub12.kext."_

Frankly, I'm getting a little annoyed at MACnoggins who believe they are safe with being a fruit lover. Maybe garage hackers writing viruii don't waste their time doing in Macs because there are so few, but big corps like SONY want to cover the bases.

I still hope they have to pay big time for this bit of arrogance. I want the Federal Government to look into laws to prevent and punish corporations who invade and modify my computers without my knowledge and permission and I want all such modifications and additions to be fully disclosed with full warnings as to the known vulnerability in plain English. It should say something to the effect:
"We wish to install a small program on your computer that will allow us to have full access to all your private information. Please also be advised that if you agree to this the program will allow anyone full access to your system and all its content. No current firewall or spy detector or antivirus software will help you. Our software will render all these protective measures useless. Plus, you will not be able to uninstall this addition. We will not be responsible for any damage to your system nor be responsible if your identity is cloned or your complete financial security is lost by you allowing us to ruin your life."


----------



## DonLandis (Dec 17, 2003)

invaliduser88 said:


> Correct me if I'm wrong, but in most cases wouldn't disabling autoplay in Windows pretty much keep the CD from installing its nasty little secret. Then just run up Media Player/Winamp/Whatever and play the CD normally.


> Yup.

Not according to experts who have studied this rootkit from Sony. It comes up when you decide to play the CD / DVD. At this point in time the only safe way to prevent these media from modifying your system to allow a back door access is to not play in a computer, or play in a computer that is not connected to your network.


----------



## SimpleSimon (Jan 15, 2004)

DonLandis said:


> Not according to experts who have studied this rootkit from Sony. It comes up when you decide to play the CD / DVD. At this point in time the only safe way to prevent these media from modifying your system to allow a back door access is to not play in a computer, or play in a computer that is not connected to your network.


Ah - then it's not an AutoPlay that hits on insertion, but a DRM module that hits when you play the CD.

In that case, you should be able to suck the music files off of it without risk - although you'd have to know what you're doing. 

I generally support paying for music (artists gotta eat too), but in THIS case, I hope these CDs & DVDs are spread all over the internet - just to get even with those SOBs at Sony.


----------



## DonLandis (Dec 17, 2003)

Simple Simon-

Sorry, I'm not up on all the specific lingo of the hacker and programmer world but, yes, I do recall Leo Laporte, Kevin Rose and Alex Albright as well as several other celebs discussing it in the "DRM" language. I don't know the significance of that so it kind of went over my head, what I did understand was that all the claims of Macs don't get this, and I don't have to worry because I didn't allow the install etc. were suspect with this particular hack into your computer. Their suggestion was to be safe- Don't play Sony media in any computer that connects to the internet. If you do, chances are you are screwed and need to reformat your drive etc. That warning was significantly scary to me.


----------



## SimpleSimon (Jan 15, 2004)

Always best to be safe than sorry, but remember there's a lot of Chicken Little types out there, too.


----------



## DonLandis (Dec 17, 2003)

Right, and as with most stuff like this, when it first comes out all you CAN do to be safe is don't participate. Later after the experts get into it, utilities will be made that allow the nasty infection to be reversed easily, the guilty parties will be caught, convicted and punished appropriately for their wrongdoings. I expect, depending on the damage extent reported that Sony will have to cease and desist, recall product, and face class action restitution to individuals who were victimized. Even though they did hire a third party for the hack development, they were said by that party to be fully aware of what they were doing and are therefore culpable.


----------

