Sony DRM Rootkit — it’s worse



I did this as updates to an earlier post, but it probably deserves it’s own post now. The morning brought us the news of SERIOUS flaws in the Uninstaller ActiveX control for Sony’s DRM, then came news of ANOTHER flaw, this one a privilige escalation “attacker can take control of PC” vulnerability in the DRM rootkit (XCP) itself. The other bit of news to come has been the extent of the install base of XCP.


It seems that over 560,000 networks have the Sony DRM rootkit. Basically, Dan Kaminsky has analyzed DNS servers around the world and 560,000 +++ have cached DNS lookups for the site that the XCP rootkit “Phone’s home to”. These are DNS servers, so the scope of this could easily be millions of PC’s and could be 10′s of millions. Apparently there are few countries not represented in the list.

So, the DRM Rootkit (aka XCP) from Sony has major security flaws, it can hide other malicious software with it’s designed feature of hiding all files with $SYS$ in front of the name, the uninstaller was reported as buggy and requires an ActiveX control which is marked safe for scripting, remains on the system after uninstall. Some methods of uninstalling will wreck your ability to use the cd drive, the ActiveX control has multiple remote vulnerabilities and it’s on AT the VERY LEAST 560,000 PC’s and a reasonable estimate is that it could be millions. THANK YOU SONY.

I think I can hear the shouts of glee from malicious crackers EVERYWHERE.

At this point, Sony has said they’re stopping sale of affected discs and will be providing recall/swap details soon. I think they need to start getting out some information. How many of these cds were sold, how many have contacted the “Phone home servers” (to give a reasonable guess at the number of affected PC’s), I can’t believe they didn’t track that information. Further to help clean up from the UNINSTALLER, they need to start putting out numbers of how many downloads the ActiveX control has had. For much of this Sony/First4Internet are the only ones that will be able to truly give an idea of how widespread this is, but it is obviously VERY widespread. For once in this whole mess, Sony needs to stand up, take responsibility and proactively try to help people clean up this mess, get the word out to customers, etc….

Until that happens, the December update of Microsoft’s Malicious software removal tool may be the best bet for most users.

Related Posts

Blog Traffic Exchange Related Posts
  • Sony's OTHER DRM software uninstaller will be pulled According to zdnet.com, Sony and SunnComm are pulling the OTHER DRM uninstaller from the web and it will be replaced with a safer version of the uninstaller. Researchers blogging at freedom-to-tinker.com had detailed serious vulnerabilities in the uninstaller for the DRM software made by SunnComm (called MediaMax). The companies say......
  • Sony rootkit settlement Here's a followup to one of the first big stories that I posted on... the Sony rootkit - there has been a settlement with the FTC (Federal Trade Commision). It has yet to be approved but, affected customers could see up to $150 to cover cost of repair (rootkit removal/etc.)......
  • Sony class-action suit picks up researcher Mark Russinovich as an expert witness News continues on the Sony mess.... (Expect to hear about this for some time...) The researcher that informed the world about the Sony DRM rootkit, Mark Russinovich, has joined the class-action suit against Sony and First4Internet as an expert witness on the matter. Russinovich said he opted to join the......
Blog Traffic Exchange Related Websites
  • Security News: US report blasts China, Russia for cybercrime; Duqu Malware: Still No Patch; MIT server hijacked in drive-by download campaign US report blasts China, Russia for cybercrime By LOLITA C. BALDOR, Associated Press – 4 hours ago WASHINGTON (AP) — Cyberattacks by Chinese and Russian intelligence services, as well corporate hackers in those countries, have swallowed up large amounts of high-tech American research and development data, and that stolen information......
  • How to Install a Home Security System: Most Common Pitfalls Installing a home security system might seem easy. To be sure, it’s a lot easier to install one today than it was just a decade ago. Inexpensive consumer electronics components combined with robust wireless technology means that even an amateur can put in a decent system. Just because it’s easy,......
  • Comodo Internet Security Get the highest level of security with the advanced features available through Internet Security Pro 2011. Firewall - Slam the door on viruses with Comodo's unique Default Deny Protection™. Explore Comodo Firewall Antivirus - Scan for and destroy known threats to your PC’s health. Explore Comodo Antivirus Live Security......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site