Real Story of the Rogue Rootkit

Security Blanket Blog

Real Story of the Rogue Rootkit - Antivirus software makers are nowhere to be found when Sony's CD Trojan horse comes knocking. Mere incompetence can't explain that. Commentary by Bruce Schneier. [Security Blanket]

Yet another mega-corporation tries to circumvent the law. Not only is it illegal for Sony to put this type of program on people's computers, but Sony is also trying to restrict people from using the music files they paid for in the ways they could under fair use. This is an extraordinary breach of ethical and privacy rights on Sony's part. If an individual tried to pull this off, they would surely be jailed, but somehow it's OK for corporations to do it.

For those of you who have not heard about the XCP rootkit that Sony has unleashed on the world, here's a brief description: certain music CDs released by Sony BMG, Sony's music division, contain software that, once installed on someone's computer, restricts how many times the computer can burn a copy of that CD and prevents the user from copying the music files to another location.

Those restrictions might already be bad enough on their own, but it's the way Sony achieves these ends that has everyone in an uproar. If users want to listen to the CD on their computer, they have to agree to an undecipherable EULA, after which the CD's installer, launched by Windows autorun when the disc is inserted, installs a proprietary music player along with the XCP rootkit.

This rootkit is dangerous because it takes control of the operating system at its highest privilege level, masquerading as an essential part of Windows; if a user tries to remove it by hand, the attempt may well damage Windows and leave it unbootable. It is called a rootkit because it installs a component that filters what the operating system reports, 'cloaking' its own files, processes and registry entries so that directory listings, Task Manager and even anti-virus scanners never see them. That is exactly what makes it a security risk: any malicious program, whether a virus or spyware, that names its files to match what the cloak hides inherits the same invisibility, and becomes nearly impossible to detect or remove short of a complete reformat and reinstall of the operating system.
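The cloaking described above can be tested for with a cross-view check: create an entry the cloak should hide, then compare what the normal file-listing API reports against what you know is there (this is the technique the Sysinternals RootkitRevealer tool used, and it is how the XCP driver was first noticed). The script below is an added example for this post, not code from Sony, Microsoft or the blog author. It assumes the cloak keys on a filename prefix; the `$sys$` prefix is the documented one XCP's driver filtered out of listings, a detail the post itself does not mention, and the `simulate_cloak` function is a constructed model of that filter so the diff logic can be exercised on a machine that is not infected.

```python
"""Cross-view probe for filename-based rootkit cloaking.

Added example, not the page's or Sony's code. Assumptions: the cloak hides
names beginning with a fixed prefix (XCP's driver used "$sys$", a documented
detail not stated in the post), and a clean system shows the probe file in
every view it is asked for.
"""
import os
import tempfile

CLOAK_PREFIX = "$sys$"   # prefix XCP's cloaking driver filtered from listings


def cross_view_diff(api_view, reference_view):
    """Return names present in the reference view but missing from the API view.

    A user-mode listing (what Explorer, dir, or an AV scanner sees) that lacks
    entries the reference view contains is the classic rootkit tell.
    """
    return sorted(set(reference_view) - set(api_view))


def probe_directory(directory, prefix=CLOAK_PREFIX):
    """Drop a probe file whose name starts with `prefix` plus a control file,
    then check whether the ordinary directory-listing API still reports both.

    Returns the names we wrote, the ones the API listed, the ones that went
    missing (empty on a clean machine), and a per-file stat() result, since a
    cloak may intercept stat() as well as directory enumeration.
    """
    probe_name = prefix + "probe.txt"
    control_name = "control.txt"
    expected = [probe_name, control_name]
    for name in expected:
        with open(os.path.join(directory, name), "w") as f:
            f.write("rootkit cloaking probe\n")

    listed = [n for n in os.listdir(directory) if n in expected]
    hidden = cross_view_diff(listed, expected)
    stat_ok = {n: os.path.exists(os.path.join(directory, n)) for n in expected}

    for name in expected:
        try:
            os.remove(os.path.join(directory, name))
        except FileNotFoundError:
            pass  # a cloak that hides the file from unlink() would land here
    return {"expected": expected, "listed": listed,
            "hidden": hidden, "stat": stat_ok}


def probe_tempdir():
    """Run probe_directory() in a throwaway directory and return its report."""
    with tempfile.TemporaryDirectory() as d:
        return probe_directory(d)


def simulate_cloak(entries, prefix=CLOAK_PREFIX):
    """Constructed model of the filter a cloaking driver applies to a listing."""
    return [e for e in entries if not e.startswith(prefix)]


def demo_simulated():
    """Constructed listing: two legitimate files and one cloaked driver file."""
    raw = ["song.wma", "player.exe", CLOAK_PREFIX + "aries.sys"]
    return cross_view_diff(simulate_cloak(raw), raw)


if __name__ == "__main__":
    report = probe_tempdir()
    verdict = "cloak suspected" if report["hidden"] else "no cloak observed"
    print(verdict, report)
    print("simulated cloak hides:", demo_simulated())
```

On an uninfected machine `probe_tempdir()` reports nothing hidden; on a machine running the XCP cloak, the probe file would vanish from `os.listdir()` while the control file stays visible. The same diff applies to process lists and registry keys, which is why a cross-view scanner compares each one.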

Anti-virus companies and even Microsoft were slow to respond to this threat to computer security, and the only plausible reason is that a multinational corporation, not some two-bit hackers, released this rootkit. But thanks to technology blogs that spread the story, which was then picked up by the mainstream media, Microsoft finally caved in to public pressure, stated that it considered the XCP rootkit to be malware, and released an update that removes the cloaking portion of the rootkit.

Sony also responded by recalling all CDs that contain the rootkit and by temporarily halting production of CDs that contain XCP. Sony is doing this now mainly to protect itself from the public relations nightmare the rootkit has spawned and from the pending litigation that both California and New York are bringing against it. Basically Sony is trying to cover its own ass after being caught with its hand in the cookie jar.

What is scary, besides the fact that this rootkit has already infected about half a million computers around the world, is the attitude of the executives at Sony. It's a damning indication of the lack of respect Sony has for its customers that Thomas Hesse, Sony BMG's president of global digital business, was quoted as saying, "Most people don't even know what a rootkit is, so why should they care about it?"

I'm disturbed by how willing Sony was to intrude into people's computers simply to further its own agenda. It makes me wonder just how trustworthy corporations are in general these days. We should all be diligent whenever another multinational corporation wants to install anything on our computers.

Rootkits not Worth it

Honestly, I agree that the acts by Sony BMG to monitor and limit the copying of their music by developing a spyware-type system that installs on computers is totally wrong and illegal. BUT I think that the whole idea is a waste of time. Both Sony and the computer defenders are too busy arguing about whether or not a little detection device will affect your downloading and privacy rights to realize the big picture - that in a year or so, none of it will matter. We are in a state of technology right now that enables us to download and transfer music, often breaking copyright laws, to numerous different music hubs. But, I think that in no time at all, our technology will develop to a point that we will be able to alter the original music to a point where it no longer is applicable to fall under copyright laws because people have added their own bass beats, slowed rhythm, and altered lyrics on the songs that they have downloaded. Music is approaching a completely fluid state where no one - even Sony - will be able to monitor the music to its full extent. There is so much more in the future horizon of the music and downloading industry that it seems pointless to argue about whether or not you can copy a CD a certain number of times. The expense on both sides of the argument is pointless and should be concentrated elsewhere.

Sony and their Rootkits.

I wholeheartedly agree with this post. I recently had to spend a great deal of money and time to repair my computer after it was attacked by ad-ware, spyware, and all other things meant to track my activities on the net, so I'm very passionate about this subject. I'm absolutely shocked that a seemingly reputable company like Sony would do something like this, and that Microsoft would have such a flippant, "whatever" kind of attitude about helping to correct the problems! As PC users, we should be able to trust that large, multinational corporations that have been around for a long time would never do anything malicious. But times have changed, and apparently we can no longer do that. It's ironic that Sony is now no better than, as you put it, a "two-bit hacker."