Difference between revisions of "Sony DRM Rootkit"
(New page: The Sony rootkit is on many music titles now as a copy protection scheme. Sony’s DRM rootkit doesn’t stop the music CD from playing on standard consumer electronics CD players, but wh...) |
|||
Line 17: | Line 17: | ||
Hold down the shift key when you insert a CD disc into the drive. This will prevent autorun from executing the rootkit. But keep in mind you may still launch the rootkit by clicking the cd drive letter icon in windows explorer, or certain applications such as Windows Media Player may also launch the rootkit. | Hold down the shift key when you insert a CD disc into the drive. This will prevent autorun from executing the rootkit. But keep in mind you may still launch the rootkit by clicking the cd drive letter icon in windows explorer, or certain applications such as Windows Media Player may also launch the rootkit. | ||
− | Don't put a Sony BMG music CD in your computer. | + | Don't put a Sony BMG music CD in your computer. Discs with Sony's DRM cannot be officially called Compact Discs, as they violate the original "Red Book" standard devised by Sony and Philips in June 1980. They can be easily spotted as the cases will not feature the familiar 'Compact Disc' logo. |
+ | |||
+ | == Detection == | ||
+ | |||
+ | Create a file with the name $sys$ on your computer, if the file disappears you are most likely already infected with the Rootkit. | ||
== Removal == | == Removal == | ||
Sony has released a patch in response to criticism. However, the patch does not disable the DRM rootkit and simply unmasks some of the rootkit that was hidden. Some users report more problems after using the Sony patch. | Sony has released a patch in response to criticism. However, the patch does not disable the DRM rootkit and simply unmasks some of the rootkit that was hidden. Some users report more problems after using the Sony patch. | ||
+ | |||
+ | Don't Trust ANYTHING released by SONY. | ||
Lavasoft's [http://www.lavasoft.com/support/securitycenter/aries_rootkit_remover.php ARIES Rootkit Remover] is the best known tool for removing the Sony DRM Rootkit. | Lavasoft's [http://www.lavasoft.com/support/securitycenter/aries_rootkit_remover.php ARIES Rootkit Remover] is the best known tool for removing the Sony DRM Rootkit. |
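Review bot: The added Detection line ("Create a file with the name $sys$ on your computer, if the file disappears ...") does not say where to create the file or what "disappears" means. The Removal context line in the same hunk says Sony's patch "unmasks" hidden files, which implies files are hidden rather than deleted, so suggest wording the test as "no longer appears in the directory listing", naming a throwaway folder, and splitting the comma splice into two sentences. The added "Don't Trust ANYTHING released by SONY." line sits under Removal but gives no removal step; consider moving it to Prevention or dropping it.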
Revision as of 12:37, 23 August 2010
The Sony rootkit is on many music titles now as a copy protection scheme. Sony’s DRM rootkit doesn’t stop the music CD from playing on standard consumer electronics CD players, but when you go to play it on your computer the DRM rootkit automatically installs itself. When played on a Microsoft Windows PC, Sony’s DRM system forces you to play the music through their special software, which secretly installs the rootkit, just like a virus.
Sony installs a system-level application that hides all files with specific filenames from the user. These files are still present on the system and can be run normally; however, any mention of their presence on the system is hidden from the user. This could allow authors of malicious software to use Sony's DRM software to hide their trojan horses on your computer.
The Sony DRM rootkit is a virus in essence. It hides itself so that even many technical computer experts can’t find it. Furthermore, it scans everything running on the system when active, and it causes computer performance to slow.
If you are actually able to find the Sony DRM rootkit and remove it yourself, you will likely lose access to the CDROM drive on your computer. Clean removal is extremely difficult, even for a professional computer technician. The way the rootkit replaces a driver for the CD drive will cause your CD drive to be disabled when you remove the Sony DRM rootkit.
Opportunism
Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs. Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory.
Prevention
When you insert a Sony CD into your computer, do not accept the Sony End User License Agreement (EULA). Accepting this long document in legalese effectively means you give permission for Sony to install software on your computer. Don't.
Hold down the Shift key when you insert a CD into the drive. This will prevent autorun from executing the rootkit. But keep in mind you may still launch the rootkit by clicking the CD drive letter icon in Windows Explorer, and certain applications such as Windows Media Player may also launch the rootkit.
Don't put a Sony BMG music CD in your computer. Discs with Sony's DRM cannot be officially called Compact Discs, as they violate the original "Red Book" standard devised by Sony and Philips in June 1980. They can be easily spotted as the cases will not feature the familiar 'Compact Disc' logo.
Detection
Create a file with the name $sys$ on your computer. If the file disappears, you are most likely already infected with the rootkit.
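The check above can be scripted as a cross-view comparison: create a "$sys$" canary file, then compare what a directory listing shows with what direct access by full path finds. This is an added example, not part of the original wiki page; the function names, the control file and the simulated lister are assumptions made for illustration.

```python
import os
import tempfile
import uuid

PREFIX = "$sys$"  # filename prefix the page says the rootkit masks


def check_cloaking(directory, list_dir=os.listdir):
    """Compare directory enumeration with direct path access.

    Returns "clean", "cloaked" or "inconclusive".
    """
    tag = uuid.uuid4().hex[:8]
    canary = os.path.join(directory, f"{PREFIX}canary_{tag}.txt")
    control = os.path.join(directory, f"control_{tag}.txt")
    created = []
    try:
        for path in (canary, control):
            with open(path, "w") as fh:
                fh.write("cloaking test file, safe to delete\n")
            created.append(path)

        listing = set(list_dir(directory))
        control_listed = os.path.basename(control) in listing
        canary_listed = os.path.basename(canary) in listing
        canary_reachable = os.path.isfile(canary)  # direct access by full path

        # If the ordinary control file is missing too, the listing itself is
        # unreliable and nothing can be concluded about "$sys$" hiding.
        if not control_listed or not canary_reachable:
            return "inconclusive"
        return "clean" if canary_listed else "cloaked"
    finally:
        for path in created:  # always remove the test files
            try:
                os.remove(path)
            except OSError:
                pass


def simulated_cloaking_lister(directory):
    """Constructed stand-in for a listing that drops "$sys$" names."""
    return [n for n in os.listdir(directory) if not n.startswith(PREFIX)]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("real listing:      ", check_cloaking(tmp))
        print("simulated cloaking:", check_cloaking(tmp, simulated_cloaking_lister))
```

A "cloaked" result means the canary was reachable by path but absent from the listing, which is the behaviour the page describes for files whose names start with "$sys$".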
Removal
Sony has released a patch in response to criticism. However, the patch does not disable the DRM rootkit and simply unmasks some of the rootkit that was hidden. Some users report more problems after using the Sony patch.
Don't Trust ANYTHING released by SONY.
Lavasoft's ARIES Rootkit Remover is the best known tool for removing the Sony DRM Rootkit.