The Sony Page

This page collects all the bugs that have appeared in both the BugBlog and in the BugBlog Plus over the Sony DRM controversy. The newest items appear at the top, so if you want a chronological record you want to start at the bottom and work your way up.


Music CDs with DRM (digital rights management) software that opens up dangerous security holes on your computer are not limited to those from Sony BMG. Sony actually used third-party software from two different companies, and one of the companies, SunnComm, has released lists of affected CDs. There are a number of other labels and artists affected. The Electronic Frontier Foundation has links to the list, and will probably have further updates, at http://www.eff.org/deeplinks/archives/004339.php.


Sony may be reaching a settlement for some of the lawsuits being filed against it for the spyware that their music CDs secretly installed on computers. It still needs to be approved by the court -- but it appears you will be able to exchange your spyware-infected CDs for clean versions. Read more at http://www.computerworld.com/securitytopics/security/story/0,10801,107418,00.html.


The last thing you want to give someone for Christmas is a music CD that installs a root-kit on their computer. While Sony-BMG is recalling millions of CDs, there's still the chance that you could find one. Rather than memorizing a long list, the Electronic Frontier Foundation has a handy Spotters' Guide that shows what kinds of labels you need to watch out for on the CD jewel box. The guide at http://www.eff.org/IP/DRM/Sony-BMG/guide.php covers both DRM schemes from Sony that can cause problems, the XCP as well as the SunnComm MediaMax method.


According to some media reports, the Cumulative Update for Microsoft Internet Explorer in MS05-054 will also clean up some of the problems that may have been installed by Sony BMG's DRM software.


Finnish anti-virus vendor F-Secure says that one of the leading sources of rootkit installations (other than Sony BMG music CDs, I assume) is the adware/spyware company ContextPlus. The rootkit features are used to keep the spyware hidden from users and spyware scanners. Read more in eWeek at http://www.eweek.com/article2/0,1895,1897728,00.asp.


Sony BMG now says they used another digital rights management (DRM) scheme on other music CDs. This software, SunnComm MediaMax 5, also has a bug that may allow for privilege elevation. Sony and SunnComm have provided a patch, but independent security researchers say the patch itself has problems and you shouldn't use it. The list of bad CDs is at http://www.sunncomm.com/support/faq/releases.asp (there are some Britney Spears CDs on the list, so the title is appropriate), although it may be more effective to just avoid Sony altogether. The Electronic Frontier Foundation has a FAQ page with many details at http://www.eff.org/IP/DRM/Sony-BMG/mediamaxfaq.php#2.


According to a story in Business Week, the computer security company F-Secure also discovered the root-kit fiasco about a month before the story was made public. Apparently, Sony tried to downplay the significance of F-Secure's findings, although in retrospect they probably realize they should have paid more attention. Read the whole thing at http://www.businessweek.com/technology/content/nov2005/tc20051129_938966.htm.


There are reports that the badly-flawed Sony DRM tool, which has caused a massive product recall by Sony, may have actually included open source code within the proprietary software. So Sony actually violated someone else's copyright in their zeal to install their rootkit on your computer. Here's one view of the situation at http://blogs.zdnet.com/BTL/?p=2177&tag=nl.e539.


Now it is the Department of Homeland Security's turn to smack around Sony. They have issued a National Cyber-alert about the uninstall script that Sony and First4Internet have issued to remove the rootkit that comes with certain Sony music CDs. The uninstall program installs an ActiveX control that has been marked Safe for Scripting, which means that just about any hacker or script kiddie could use it to download hostile content onto your computer. You would have to visit a malicious website with Microsoft Internet Explorer for this to happen. The alert, which has links to more technical details, is at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3650.
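The check below is an added example, not code from the BugBlog, Sony, First4Internet or the alert: a PowerShell audit that lists ActiveX controls registered in the Safe for Scripting category and shows whether Internet Explorer's kill bit is set for each. It only sees controls marked through the registry category (a control that declares itself safe at run time through IObjectSafety will not appear), and the function and property names are this example's own.

```powershell
# Component categories that tell Internet Explorer a control may be driven by web-page script.
$SafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C4FBC}'
$SafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C4FBC}'
# "Compatibility Flags" bit (the kill bit) that stops IE from loading a control at all.
$KillBit    = 0x400
$CompatRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-ScriptableActiveXControl {
    # Hypothetical helper name. Reads the native registry view only; on 64-bit
    # Windows, 32-bit controls are registered under Wow6432Node instead.
    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $clsid = $_.PSChildName
            $base  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $cats  = "$base\Implemented Categories"

            # Skip anything not registered as Safe for Scripting.
            if (-not (Test-Path -LiteralPath "$cats\$SafeForScripting")) { return }

            # DLL or OCX that implements the control, if it is an in-process server.
            $server = (Get-ItemProperty -LiteralPath "$base\InprocServer32" `
                        -ErrorAction SilentlyContinue).'(default)'

            # A missing key or value means no kill bit has been set.
            $flags = (Get-ItemProperty -LiteralPath "$CompatRoot\$clsid" `
                        -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'

            [pscustomobject]@{
                Clsid       = $clsid
                Name        = $_.GetValue('')   # default value = friendly name
                Server      = $server
                SafeForInit = Test-Path -LiteralPath "$cats\$SafeForInitializing"
                KillBitSet  = [bool]($flags -band $KillBit)
            }
        }
}

# Controls a web page can still script: review each Server path and remove or
# kill-bit anything you did not knowingly install.
Get-ScriptableActiveXControl |
    Where-Object { -not $_.KillBitSet } |
    Sort-Object Server |
    Format-Table Clsid, Name, Server, SafeForInit -AutoSize
```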


Sony says it will recall all of the CDs with the DRM rootkit. They say they have shipped 4.7 million of them, and sold 2.1 million. They are also recalling the uninstall program that they originally posted after they were caught, after it was revealed that the uninstall program is buggy, too. If you want to see the list of CDs with the bad software, see the Electronic Frontier Foundation at http://www.eff.org/deeplinks/archives/004144.php.


Romanian security researchers at BitDefender have found the first Trojan horse program that exploits the Sony DRM root-kit as a way to hide. If you haven't been following along, the Sony software will hide any software whose name starts with $sys$. That means the Sony music CDs install software that will then conveniently hide the bad guy's software. (Remember that next time you are shopping for consumer electronics.) You can read BitDefender's report at http://news.bitdefender.com/NW193-en--First-Trojan-Using-Sony-DRM-Detected.html.


Microsoft will be labeling Sony's DRM (digital rights management) rootkit as spyware, and will be updating their Windows AntiSpyware application so that it can detect and remove the rootkit. This will take place during the regular updating of the antispyware's signatures. Microsoft's Anti-Malware Technology Team talks about this on their blog at http://blogs.technet.com/antimalware/archive/2005/11/12/414299.aspx. Note to Sony: when even Microsoft says that you've gone too far, you need to do some serious re-thinking.


An update on the Sony rootkit issue from Mark Russinovich, who initially discovered the intrusive software installed by some Sony music CDs. First he highlights the extremely convoluted procedure you need to go through to get the software that uninstalls the rootkit. He then shows that the uninstaller isn't put together in a safe manner, and could cause your computer to crash. He also shows that the software does contact Sony, although at this point it seems to be for a fairly benign reason. Read the details at http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html. To avoid trouble, avoid using Sony's copy-protected CDs on your computer. It's up to you to determine how much business you want to send Sony's way after this.


Want to see the kind of reviews a company doesn't want to see? Check out the reader comments in one of the Sony CDs that installs the DRM root kit on your computer. I'm sure Van Zant, the group that was probably the unwitting guinea pig for this software, isn't very happy either.


Hackers are using the Sony DRM (digital rights management) root-kit as a way to hide their cheating in an online game. Blizzard Entertainment uses a program, called the Warden, to protect against cheaters in the World of Warcraft online game. But since the Sony program hides any program that starts with the prefix $sys$, the cheaters can buy and install the Sony music CD, and then use it as protection against being caught. Cheating in an online game is fairly trivial, but it is important because it shows how bad guys can use the Sony root-kit to hide their malware on your computer. If you've played a DRM-enabled Sony CD, you could be a target. Read the details at http://www.theregister.co.uk/2005/11/04/secfocus_wow_bot/.


It appears that as part of a stringent DRM (digital rights management) scheme, Sony is shipping new music CDs that install a root kit on your PC. If you manage to discover this and try to delete it normally, you may screw up your CD. This was discovered by Windows expert Mark Russinovich, who knows more about Windows than everybody outside of Microsoft (and probably inside, too). Sony's lame attempt to help is http://cp.sonybmg.com/xcp/english/faq.html#uninstall -- you will need to contact them to get the uninstall procedure. You can see Russinovich's meticulous research at http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html. The workaround is simple -- don't buy stuff from Sony.