SONY DRM rootkit – the gift that keeps on giving



Well… I said, more legs than a centipede for this one…. It looks as though the uninstaller from Sony is an activex control that may have some SEVERE security implications. The ActiveX invokes a command to reboot the computer (RebootMachine). (Which is likely remotely exploitable). Also it appears to use an (InstallUpdate) download which could be exploitable AND if that’s not enough, a n ExecuteCode function which could crash the browser. It should be noted that the ActiveX uninstaller REMAINS ON THE SYSTEM after the SONY DRM ROOTKIT is removed, meaning that these functions would be available for remote exploit even after the XCP software is uninstalled.


Sunbelt blog had the link. Right now the author of the 1st link is looking for a link to the uninstaller so that the above can be verified. I suspect there’s still a bit more to come here as well…

Update 11-15

The securityfix has the story that today several groups of security and privacy experts are expected to announce findings of several serious security vulnerabilities in the XCP software, a search that has been going on in earnest since the rootkit was discovered.

From the article…

But wait, it gets … er … better. The researchers discovered a security flaw in XCP (which stands for “extended copyright protection”) that could afford attackers a window through which to break into computers running the software and install additional software or viruses.

There are some hints there about vulnerabilities with the uninstaller listed above, a link here gives the warning to not use Sony’s uninstaller.

Related Posts

Blog Traffic Exchange Related Posts
  • Network security - how safe is your network? Looking at ARP A while back I did a network security series and one of the points that I mentioned was that it's important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, etc. Well, I'm about to start a serious......
  • Network Security - Arp spoofing So.... what is arp spoofing (poisoning).... and what are it's implications? ARP spoofing involves tricking a machine into thinking that you're machine is, yet another. Let's put this in IP address terms. Let's say that 192.168.0.1 is the default gatway on the network and 192.168.0.150 is our target. We are......
  • Windows RDP Denial of service vulnerability I just saw this article at zdnet news a few minutes ago. Basically a new security bulletin is out with regards to Windows Remote Desktop Server being vulnerable to a denial of service (DoS) attack. Essentially it affects Windows 2000, XP and Server 2003. It appears that under an overwhelming......
Blog Traffic Exchange Related Websites
  • free SANS webcasts powered by vLive! The SANS Institute <Webcast@sans.org wrote: Please join us in the upcoming weeks for the following informative, free SANS webcasts powered by vLive!, the SANS Institute's online learning platform: WEBCAST 1 Internet Storm Center: Threat Update WHEN: Wednesday, May 11, 2011 at 1:00 PM ET (1700 UTC/GMT) FEATURING: Johannes Ullrich https://www.sans.org/webcasts/isc-threat-update-20110511-94088......
  • Corporate Blog Security Issues If you are planning on starting your own corporate blog or executive blog, or if you already have a corporate blog that you are writing in, then one of your greatest concerns should be corporate blog security issues. There are a variety of different corporate blogging security issues that you......
  • World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site