Where to report a possible root kit?

Hi,

I'm wondering where to report a possible new root kit.

Following the Sony incident I am aware of the dangers that root kits pose.

I have recently bought a Warner CD "A-ha - The Definitive Singles Collection
1984|2004". CD 5046783242.

This contains a video to be played on a PC. When the disc is inserted, if
Explore is used on the drive in question, no audio tracks show, only the
Video file and a read me text file.

It would appear therefore that the audio files are being hidden.

I have an Aries kit detection and removal tool but this shows no Aries Kit
installed which suggests to me if a root kit is responsible, the Warner CD has
a different unreported kit on it.

Who do I need to report this to for investigation as if a root kit is
responsible, Microsoft need to be producing a removal tool and signatures for
detection and Warner need to be withdrawing and replacing the CD.

Al.
 
Hi Engel,

Thanks for your reply.

However, I can't possibly supply the files:

a) It's an Audio CD and its contents are being hidden (specifically to
prevent copying)

b) Even if I could copy it using Alcohol, I'd be breaching Copyright

c) An Alcohol test archive of it is 729 MB - try sending that as an Email
attachment!!!

I can only suggest that Microsoft buy a copy and test it. At least you'll
have a cd to play afterwards!

Al.
 
We have a new sample submission page at:
http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx

--
Mike Chan [MSFT]
Technical Product Manager
Windows Defender

This posting provided "AS IS" with no warranties, and confers no rights.
 
Hi Mike

I don't believe that a normal user can find out "samples".

But nearly all can probably say where they get infested.

URLs and Applications.

I went to prOn site smart.com and got Spyfalcon ;(
It must be easier to report sites and applications.

I really hope that WD recognise all of these soon !!!

http://www.malwarecomplaints.info/viewforum.php?f=4

regards
plun


 
Hi Mike,

Thank you but I think you are missing the point here - it is a 721 MB (3/4
GB) file!!!

...and even then being an Alcohol copy I can't guarantee the root kit has
been copied as the files are all hidden.

Wouldn't it make more sense for Microsoft to acquire a copy of the CD?

Al.


 
Here's what I suspect is already happening, or has happened.

Security researchers, of various stripes and ilks, have already investigated
what other record companies are doing, in the wake of Sony's embarrassment.

I'd be quite surprised if nobody has investigated how that CD is arranged.

Microsoft's business is built on providing a reasonably level playing field
for all software vendors. They are taking a stand against spyware, but they
need to tread very carefully where copy protection and possible malware
intersect.

You could drop a line to Mark Russinovich--but he may well be very busy
still.

This is how Amazon.com describes the format of this CD:
---
Enhanced
Enhanced CDs are music CDs to which data tracks have been added. Designed to
be read by the CD- or DVD-ROM drive in your computer, these tracks often
include music videos, photos, liner notes, Web features, and other such
content. The music portion of enhanced CDs should play in all CD and DVD
players.
---
In fact, it is quite possible that this CD is produced with this technology:

http://www.microsoft.com/presspass/press/2003/jan03/01-20SessionToolkitPR.mspx

If this is the case, then it is the decision of Warner Brothers to allow,
or not allow access to the music with Media Player --and your recourse will
be returning the CD or providing peer reviews at sites like Amazon.com about
how you feel about their decision.



 
I definitely suspect a root kit as the files are hidden to all media players.

They don't show in:

- Windows Explorer

- Windows Media Player

- Quick Time

- Nero Showcase

Al.
 
Hi Bill,

Just thought I'd let you know I've taken up your suggestion and emailed Mark
to see if he knows anything about this.

I'll post the outcome of any reply.

Al.
 
Thanks--I've no idea whether he's able to respond to individual queries, but
perhaps he'll have something helpful to report.

If, in fact, what is happening is like a root kit, I would expect that this
would exist as a report in various security researchers' logs of outstanding
vulnerabilities, with the notation that the vendor has been notified and a
response is awaited.

I suspect that there's more than one way to skin a cat, and that Sony picked
an unusually bad one--

You might take a look at this article:

http://ukcdr.org/issues/cd/overview.shtml

and see whether it, or things that it links to, give a clue about what
Warner is using.
 
Got a reply from Mark, he's going to look into it so hopefully we'll know if
it is a root kit in the not too distant future.

Al.
 