Sony/BMG "fix" makes infected computers MORE vulnerable

[theblue1]

[Mod: I put this here because I couldn't figure where it belonged... please feel free to move it as needed.]

Quote:

Sony DRM infection removal vulnerability uncovered

Tool is worse than original infection


SONY PULLS OFF ANOTHER blatant stupidity in the 'cure is worse than the disease' category. No, not the DRM infection itself, not the security compromising removal agreement, but the removal tool itself. Yes, this one appears to put you in MORE danger than the original rootkit. Silly Sony, no cookie.
According to Freedon To Tinker, the web based installer is a worse vulnerability than the original rootkit. More on the story here, FTT goes into detail. It seems the 'cure' from Sony involves downloading an ActiveX control called CodeSupport. This is a signed control that lets just about anyone download, install and execute arbitrary code on your machine.

See a problem? See a big problem? To make matters even funnier, the uninstaller, supposedly anyway, leaves this control on your machine. So, the Sony uninstaller is not a total uninstaller, it leaves a hole you can drive a truck through on your system, silently of course.

The more disturbing part is that it appears the control is signed. I wonder who at MS approved this, and how this blatant security hole got through the barest minimum of QC? Moral, if you bought Sony products, you are screwed. If it causes you problems, you are screwed more. If you uninstall, you are screwed yet harder. If you uninstall it yourself, you are a criminal under the DMCA. If you use an antivirus program to uninstall it, you spent money to fix Sony's problems, and you are still a criminal. That's what you get for buying music.

from Brit tech news mag: The Inquirer


And... it turns out this may be a VERY large problem for a VERY LARGE number of people, business -- and the government and the military -- which research shows are big recipients of Sony's software "largesse"...

Quote:

More than half a million networks, including military and government sites, were likely infected by copy-restriction software distributed by Sony on a handful of its CDs, according to a statistical analysis of domain servers conducted by a well-respected security researcher and confirmed by independent experts Tuesday.

... Using statistical sampling methods and a secret feature of XCP that notifies Sony when its CDs are placed in a computer, Kaminsky was able to trace evidence of infections in a sample that points to the probable existence of at least one compromised machine in roughly 568,200 networks worldwide. This does not reflect a tally of actual infections, however, and the real number could be much higher.

Each installation of Sony's rootkit not only hides itself and rewrites systems drivers, it also communicates back to Sony and the creators of the software, British company First 4 Internet and Phoenix-based SunnComm Technologies, who handled the Mac side for Sony.

... Kaminsky discovered that each of these requests leaves a trace that he could follow and track through the internet's domain name system, or DNS. While this couldn't directly give him the number of computers compromised by Sony, it provided him the number and location (both on the net and in the physical world) of networks that contained compromised computers. That is a number guaranteed to be smaller than the total of machines running XCP.

Wired


The Wired article goes on to state that one in 6 domain name servers showed 'knowledge' of the Sony address -- reflecting a very, very broad penetration of this Sony-sponsored spyware trojan.

[fishman]

That's so funny - or disturbing, I haven't decided! I might be a little behind the times, but didn't Microsoft pledge to crack the Sony code (this according to the 'Metro' newspaper, London edition, yesterday)?

fish

[theblue1]

Yeah... I'm working from memory, here, but, as I remember it, MS promised to specifically address the Sony debacle with a fix that will appear, I think, as part of or an adjunct to, one of their PC security free tools (or maybe their new online scan... it's a bit hazy, my memory is.)

[achtung baby]

atleast my zeppelin LP's never installed a rootkit into my stereo.

[username]

meh.. and obviously their failing sales are due to piracy!... not to do with them treating their customers like crap...

Has anyone else noticed that the independant label sales are rising massively.. arent they subjected to piracy too?

major labels are just terrible these days it seems