SONY DRM rootkit – the gift that keeps on giving



Well… I said, more legs than a centipede for this one…. It looks as though the uninstaller from Sony is an activex control that may have some SEVERE security implications. The ActiveX invokes a command to reboot the computer (RebootMachine). (Which is likely remotely exploitable). Also it appears to use an (InstallUpdate) download which could be exploitable AND if that’s not enough, a n ExecuteCode function which could crash the browser. It should be noted that the ActiveX uninstaller REMAINS ON THE SYSTEM after the SONY DRM ROOTKIT is removed, meaning that these functions would be available for remote exploit even after the XCP software is uninstalled.


Sunbelt blog had the link. Right now the author of the 1st link is looking for a link to the uninstaller so that the above can be verified. I suspect there’s still a bit more to come here as well…

Update 11-15

The securityfix has the story that today several groups of security and privacy experts are expected to announce findings of several serious security vulnerabilities in the XCP software, a search that has been going on in earnest since the rootkit was discovered.

From the article…

But wait, it gets … er … better. The researchers discovered a security flaw in XCP (which stands for “extended copyright protection”) that could afford attackers a window through which to break into computers running the software and install additional software or viruses.

There are some hints there about vulnerabilities with the uninstaller listed above, a link here gives the warning to not use Sony’s uninstaller.

Related Posts

Blog Traffic Exchange Related Posts
  • The Continuing Stooo-ry of the Sony DRM rootkit debacle.... Let's see there are a couple more notes to pass along on Sony DRM rootkit news. This story could go on for some time, it's already had legs for about a week or more and just when things started to wind down a bit, there's a bit more. First up,......
  • Adobe Acrobat vulnerabilities.... According to The Register among other sources, there is a vulnerability in all Acrobat and Reader software prior to the following safe release numbers: Windows and Mac Reader users please install 7.0.3 or 6.0.4 to be fixed (all other 7 series and 6 series versions are vulnerable). Acrobat users on......
  • Barcode Scam to get $4.99 iPod A Colorado University student was arrested for a barcode scam after trying to buy an iPod for $4.99 (with a fake barcode) at a Colorado Target store. Apparently the scam was successful once and he came back a second time. Basically he used a barcode printing program to duplicate the......
Blog Traffic Exchange Related Websites
  • free SANS webcasts powered by vLive! The SANS Institute <Webcast@sans.org wrote: Please join us in the upcoming weeks for the following informative, free SANS webcasts powered by vLive!, the SANS Institute's online learning platform: WEBCAST 1 Internet Storm Center: Threat Update WHEN: Wednesday, May 11, 2011 at 1:00 PM ET (1700 UTC/GMT) FEATURING: Johannes Ullrich https://www.sans.org/webcasts/isc-threat-update-20110511-94088......
  • Guiding Principles On Link Building For Small Australian Businesses   Building backlinks is definitely a significant element of search engine optimization, as well as developing your own on-line label no matter where you might be and whether you’re big or small. No matter if you have a brand new accounting firm in Perth, or one of the local fish......
  • The Types of Hackers: Black Hat, White Hat or a Gray Hat Hacker, Which Type are you? A white hat hacker is a computer and network expert who attacks a security system on behalf of its owners or as a hobby, seeking vulnerabilities that a malicious hacker could exploit. Instead of taking malicious advantage of exploits, a white hat hacker notifies the system's owners to fix the......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site