Sony discs to be recalled



It looks as though the uninstaller, as claimed last night, does have more serious implications than the original rootkit in Sony’s continuing DRM nightmare. Basically, the uninstaller will allow any web page to run arbitrary code and/or remotely control your PC, which is sort of the holy grail of remote exploits. The ActiveX control called CodeSupport that is required to get the uninstaller is the culprit here. It remains on the system after the uninstall and is marked safe for scripting.


Further, it doesn’t verify that downloads are coming from its writer, First4Internet, or Sony. Basically a malware writer could craft malicious software, then design a web page that claims to require the ActiveX component and uses its download feature; visitors would then automatically be infected with the malware. A demonstration “proof of concept” page has been designed that does just that. The following link, IF you have the uninstaller and therefore are vulnerable, WILL REBOOT YOUR PC: proof of concept link. Outside of the reboot nothing else will be done.

There is a command to delete the CodeSupport component, given as …

cmd /k del "%windir%\downloaded program files\codesupport.*"

(From the cmd shell in WinXP/2000) – Start, run, cmd, ok…

This wouldn’t prevent it from being installed again, so it may only be a temporary fix…

It’s also being reported that Sony will recall the affected discs; discs currently in the supply chain will not be sold. Exchanges will be available for affected customers. More recall details to follow.

Most of the above from freedom-to-tinker.com

–update 11-15 at 11:47am EST

Coverage at the securityfix. Also, Sunbeltblog.

–update 11-14 at 6PM EST–

The securityfix has news of YET another vulnerability in Sony’s software… The details, such as they are, are here. Basically it’s a privilege escalation vulnerability giving full control over the PC… blah blah blah… (How many flaws are there now in this product???)

But wait… there’s more…

So, you wonder how many PCs may have this DRM rootkit??? According to this post, it’s on over half a million networks. This was worked out by Dan Kaminsky. Apparently the rootkit phones home, as was reported earlier. In the process, of course, it has to do a DNS lookup for the site, and DNS servers cache lookups to speed up finding a site a second time. In a four-day odyssey he found 568,200 DNS servers with cached lookups for the site the rootkit’ed machines contact. Now, think about it: that’s just the DNS servers. Let’s say each DNS server handles a network of 10,000 machines; then how many might we estimate have the rootkit??? I would say millions of “infected” PCs is a safe guess.
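As an added illustration of the DNS cache check described above (this is not code from the post or from Dan Kaminsky’s own tooling): a DNS query with the RD (recursion desired) bit cleared asks a resolver only whether a name is already in its cache, so a positive answer means some client behind that resolver looked the name up recently. The phone-home hostname is a placeholder, since the post does not name it, and the network function is meant for checking your own resolver.

```python
import socket
import struct

# Placeholder for the rootkit's phone-home hostname (the post does not name it).
PHONE_HOME_HOST = "phone-home.example.invalid"

def build_query(name: str, txid: int = 0x1234, recursion: bool = False) -> bytes:
    """Build a DNS A/IN query. recursion=False leaves the RD bit clear, so the
    resolver answers only from its cache instead of resolving on our behalf."""
    flags = 0x0100 if recursion else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(data: bytes, pos: int) -> int:
    """Advance past a (possibly compressed) domain name."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:          # two-byte compression pointer
            return pos + 2
        pos += length + 1

def parse_response(data: bytes) -> dict:
    """Extract rcode, AA flag and (ip, remaining_ttl) pairs from a response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    pos = 12
    for _ in range(qd):                    # skip echoed question section
        pos = _skip_name(data, pos) + 4
    answers = []
    for _ in range(an):
        pos = _skip_name(data, pos)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:      # A record
            answers.append((".".join(str(b) for b in data[pos:pos + 4]), ttl))
        pos += rdlen
    return {"txid": txid, "rcode": flags & 0xF, "aa": bool(flags & 0x0400), "answers": answers}

def is_cached(parsed: dict) -> bool:
    """A non-recursive query only yields A records if the resolver already had them."""
    return parsed["rcode"] == 0 and len(parsed["answers"]) > 0

def cached_on_resolver(name: str = PHONE_HOME_HOST, resolver: str = "127.0.0.1") -> bool:
    """Ask your own resolver whether `name` is in its cache (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(2.0)
        s.sendto(build_query(name), (resolver, 53))
        data, _ = s.recvfrom(512)
    return is_cached(parse_response(data))

# Constructed sample responses for offline use: a cache hit (one A record, TTL 300)
# and a cache miss (no answer section) for the name "a.b".
SAMPLE_HIT = (b"\x00\x01\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" b"\x01a\x01b\x00\x00\x01\x00\x01"
              b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01")
SAMPLE_MISS = b"\x00\x01\x81\x80\x00\x01\x00\x00\x00\x00\x00\x00" b"\x01a\x01b\x00\x00\x01\x00\x01"
```

The remaining TTL in a hit tells you roughly how long ago the name was fetched, which is the signal the 568,200-server count was built from.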

On his site (linked above) he has images of different regions, with red indicating areas where DNS servers hold cache entries for the rootkit’s “phone home” address. A USA image link is provided here; from the writeup, Japan seemed more heavily hit. In the Security Fix article he’s quoted as saying it’s hard to find a country where it ISN’T installed.

What’s truly frustrating and ironic is that Sony’s fix leaves the machine in AS vulnerable a state (or even more so) as it was in to start with.
