Who's Got Your Back?


November 10, 2005


Not Sony, that's for sure. Mark Russinovich over at Sysinternals discovered Sony BMG's rootkit recently and blogged the process (great reading for anyone who likes nitty-gritty device driver details and hex code dumps).

The fuss was over Sony's unauthorized installation of a rootkit that cloaked files from the system and inserted a driver into the CD device driver stack that, if removed, would break the ability of your PC to play any CDs. The software was installed from Sony BMG "copy protected" CDs, and no mention of it was made in the EULA.

Since then, Sony has altered its EULA to cover its...software and has grudgingly offered instructions on how to safely remove its rootkit without killing your PC's ability to play CDs. Antivirus providers pointed out that such a rootkit could potentially provide a mechanism for virus writers to hijack PCs, and today we learn that this is exactly what has happened with the discovery of a trojan using the Sony DRM rootkit to drop an IRC trojan on users' machines.

A new trojan which uses the cover provided by the Sony DRM component to hide has been detected by BitDefender Labs at 12.15 PM GMT today and is in the wild. This is the first ever observed instance of malware using the Sony DRM rootkit detected and analysed by Mark Russinovich.

***UPDATED (14.02 pm GMT)***

Analysts at the BitDefender Labs have completed a technical description of the threat and published a signature update. A removal tool for the trojan and a detection tool for the Sony DRM component are in preparation at the BitDefender Labs and will be made available to the general public in the following hours.

The full analysis of the trojan is available here

While we understand the desire of music companies (greed) and the (evil) RIAA to protect their copyrighted content from being illegally obtained, it is improper for them to endanger users to protect their own pocketbooks.

This isn't the first time that music companies or the RIAA has utilized questionable tactics to protect their interests (money money money). The RIAA has fought for the right to destroy users' computers in the event that illegally traded music files are discovered, has polluted file sharing networks with virus-laden files, and has used other underhanded, blatantly illegal tactics to protect its content despite the lack of hard facts to prove that file sharing networks are the cause of the decline in CD sales (crap music would explain the decline just as well).

DRM may sound like the perfect way to protect your content, but if you use techniques that endanger users or destroy their PCs then you are as guilty as virus writers of breaking the law and, my friend, you have become what you claim to despise.

"As soon as men decide that all means are permitted to fight an evil, then their good becomes indistinguishable from the evil that they set out to destroy."
Christopher Dawson, The Judgment of Nations, 1942

Be careful out there...
