RootKits on CD's

[Steve Pope]

In the news, there is a report that playing certain Sony
(at least) CD's will install a rootkit on your computer,
thus munging it up pretty seriously.

Is there a way to deterimine if a given CD has a rootkit
or similar malware? Perhaps a utility one could run on
a throwaway computer before you risk putting the CD into
a computer you care about?

Thanks
Steve

 

[Jeffrey A. Setaro]

In the news, there is a report that playing certain Sony
(at least) CD's will install a rootkit on your computer,
thus munging it up pretty seriously.

Is there a way to deterimine if a given CD has a rootkit
or similar malware? Perhaps a utility one could run on
a throwaway computer before you risk putting the CD into
a computer you care about?

Yes... You can use RootkitRevealer from <http://www.sysinternals.com>
and/or F-Secure's BlackLight RootKit Scanner
<http://www.f-secure.com/blacklight>.

You should probably read the following articles first though. They'll
give you a thorough explanation of the problem.

<http://www.f-secure.com/weblog/#00000691>
<http://www.f-secure.com/v-descs/xcp_drm.shtml>
<http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html>

Thanks

Your welcome.

Cheers-

Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

 

[Nemo]

Just another interesting article on this issue from a slightly different
angle.
Hud
http://www.theregister.co.uk/2005/11/04/secfocus_wow_bot/

 

[James Egan]

In the news, there is a report that playing certain Sony
(at least) CD's will install a rootkit on your computer,
thus munging it up pretty seriously.

Is there a way to deterimine if a given CD has a rootkit
or similar malware? Perhaps a utility one could run on
a throwaway computer before you risk putting the CD into
a computer you care about?

According to one of the articles (I can't remember which one) all of
the big four music companies use the same first4internet DRM software
so maybe Sony is just blazing a trail for the others.

Jim.

 

[Virus Guy]

Putting the auto-run crap aside for a minute -

Are the PCM audio tracks on those CD's not visible or accessible to my
PC?

Can I run EAC (Exact Audio Copy) to extract the tracks to .wav files?

 

[sylvia]

According to one of the articles (I can't remember which one) all of
the big four music companies use the same first4internet DRM software
so maybe Sony is just blazing a trail for the others.

Jim.

http://ansuz.sooke.bc.ca/lawpoli/copyright/2005012001.php

EMI are doing something similar with copy protection software.

The above article relates to Canada but the CD analysed seems very similar
to one I recently bought in England.

Sylvia

 

[Steve Pope]

http://ansuz.sooke.bc.ca/lawpoli/copyright/2005012001.php

EMI are doing something similar with copy protection software.

The above article relates to Canada but the CD analysed seems very similar
to one I recently bought in England.

And they complain that sales of CD's are declining....

Steve

 

[kurt wismer]

In the news, there is a report that playing certain Sony
(at least) CD's will install a rootkit on your computer,
thus munging it up pretty seriously.

Is there a way to deterimine if a given CD has a rootkit
or similar malware?

if the packaging says it's 'copy protected' then it has 'similar'
malware... perhaps not a root kit per se, but DRM can only do it's job
by treating the consumer as an adversary...

Perhaps a utility one could run on
a throwaway computer before you risk putting the CD into
a computer you care about?

turn off autorun/autoplay and you should be safe from software that
automagically installs when you insert a cd...