One of the sub-stories in all the Sony DRM mess of the last month with the XCP copy protection was that it was really an ineffective way of preventing copying of music anyway. For example, you could press Shift while inserting the CD to avoid the installer, other programs could then access the CD and allow copying without the software installed, and other OSes could access the disc and rip the tracks. In other words, it wasn’t very useful toward its objective of preventing copying…
Category: Security
-
New Beagle/Bagle variant?
So, I submitted the suspicious attachment I received to VirusTotal (scan@virustotal.com with SCAN in the subject and the suspicious file as an attachment). What follows below is the report I received. It looks like some of the big names (Symantec, McAfee) are not finding anything wrong with it at this point; with the hodge-podge of names, it will take me a bit to investigate and see if the other vendors are tagging it as new.
-
Today’s Sony DRM rootkit stories….
Amazingly I haven’t seen any big Sony news today, but there are a couple of stories out that are worth noting… First up is freedom-to-tinker with their take on the lawsuits announced yesterday and the one thing that isn’t getting much press coverage, the MediaMax DRM software. XCP is the name of the rootkit that Sony had used for Digital Rights Management that’s caused all the fuss lately, through its way of hiding in the system, its security vulnerabilities, its difficulty to remove (damage to the system) and vulnerabilities in the uninstaller. Well…
-
New Sober variants..
Ok – there are some new variants of the Sober worm circulating. I received one on an address that’s unfiltered (no virus/spam filtering) and must say, I can see people being duped into looking at the attachment. SANS has a post on it. SARC is calling it W32.Sober.X@mm and rates it at a threat level of three. I’ve seen many outlets tag it as Sober.Y.
-
More on Explorer vulnerability
Among other things… SANS has lowered the INFOCon to green, not because the threat is diminished, but because there have been no new developments with regard to yesterday’s announcement of a major Internet Explorer security vulnerability. SANS recommends browsing the web with Firefox (with the NoScript extension, so you can enable/disable JavaScript where you wish). There has not yet been evidence of an active attempt at exploiting the vulnerability, but the proof-of-concept code could be changed relatively easily.
-
Cleaning up after the Sony Rootkit
Sunbeltblog has a suggestion (from Ben Edelman) for Sony on how to get the word out to customers that they have the problem-laden XCP/rootkit/trojan/DRM software that’s been burning up tech news: distribute an ad through their own rootkit. It does, after all, “phone home” from time to time, and it looks like a banner can be displayed. Details are on Ben Edelman’s site.
-
More Sony lawsuit news… Texas files suit
Security Fix is reporting on the latest lawsuit filed against Sony/BMG for the DRM rootkit known as XCP.
“Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers,” Abbott is quoted as saying in a press release on his official Web site. “Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses and expose the consumer to possible identity crime.”
-
More on Sony’s copyright infringement with their DRM Rootkit
“What a tangled web…” There is more today at freedom-to-tinker on the evidence that Sony (and/or First4Internet) has infringed on copyrighted code in their DRM software XCP, which has been at the center of quite a bit of controversy the last few weeks. Most of the coverage has been on some of the cloaking capabilities, the security vulnerabilities and the uninstaller vulnerabilities… but it looks fairly obvious that at least some GPL or LGPL code has been used without abiding by the terms of the GPL/LGPL.
-
Malicious .biz site and browser vulnerabilities
This is from incidents.org as well… A user visited a webpage and got redirected to hxxp://iframebiz.biz/dl/adv443.php (tt changed to xx to keep anyone from getting there…)
-
Mambo exploit
The SANS Institute (incidents.org) is warning of a Mambo exploit making the rounds. Full Disclosure and SecurityFocus have more details. No word at this point on workarounds… Mambo, of course, is an open-source CMS (content management system).