From another list: This is OT for some of the lists but very important to pass along.

[Whitmores_Announcements] BMG (Sony) RootKit on some audio CDs
Greetings:

I have been watching and reading about this for several days, and feel it's time to spread the news. There is good news and bad news. The good news is I believe it affects only Windows machines. The bad news is all you have to do is play one of these audio CDs to infect your machine.

Sony/BMG music has put some software on some twenty of their new music CDs, intended to prevent casual copying. In itself, that is not such a bad thing. The problem is twofold:

1) The software, known as a rootkit, hides itself, and any file with $sys$ as the first part of its name, so users cannot find it using any standard means, such as Windows Explorer or virus/spyware scanners. There are rootkit revealers that will find it.

2) If you do find it, and successfully remove it, it almost always breaks access to the system's CDROM drive(s), and no one has found a fix, short of rebuilding the Windows operating system.

The real bad news is that as expected, virus writers didn't waste any time developing Trojan horse programs that exploit this vulnerability/feature. See:

http://www.sophos.com/pressoffice/news/articles/2005/11/stinxe.html

Wherein find:

<snip>

Trojan horse exploits Sony DRM copy protection vulnerability

Sophos issues tool to detect and disable "cloaking" flaw exploited by Trojans

Music CD
The Trojan horse exploits a vulnerability introduced by Sony's CD copy protection software.

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have detected a new Trojan horse that exploits the controversial Sony DRM (Digital Rights Management) copy protection included on some of the music giant's CDs.

The Troj/Stinx-E Trojan horse appears to have been deliberately spammed out to email addresses, posing as a message from a British business magazine.
Typical emails look as follows:

Subject: Photo Approval Deadline
Message body: Hello, Your photograph was forwarded to us as part of an article [truncated]

</snip>

There's lots more reading at:

http://www.theregister.co.uk/2005/11/10/sony_sued_for_rootkit/

I do not yet have a list of titles with the software on them, but the new Van Zant album is one mentioned.

Bottom line: If you have any relatively new audio CDs made by Sony/BMG (say, less than three months old) DO NOT put them into any Windows-based PC. If you already have, don't panic. The known effects are to break the system's ability to copy CDs, and the potential for getting a Trojan on your machine. Remember that removing the rootkit will almost certainly break your ability to use the CDROM drive(s).

Let me know if you have a machine that may be infected. One quick test that may work is to make a text file, and name it $sys$.txt. See if it disappears as soon as you refresh the folder. I tried this on my machine, and the file remained visible. Let me know if you have a machine that fails this test.

Paul
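
The quick test described in the message above, written as a script; this is an added example and not part of the original message. It compares two views of a `$sys$`-prefixed probe file: a direct lookup by full path and the directory listing. It assumes a cloaked file stays reachable by its full path, and `simulated_cloaked_listing` is a constructed stand-in for a filtered listing so that the "hidden" result can be seen on a clean machine.

```python
import os
import tempfile

PREFIX = "$sys$"  # name prefix the message says gets hidden


def cloak_check(directory, lister=os.listdir):
    """Create a $sys$-prefixed probe file and compare two views of it.

    Returns True when the file is reachable by its full path but absent
    from the directory listing, which is the hiding behaviour the message
    describes. Assumption: a hidden file can still be opened by name.
    """
    name = PREFIX + "probe.txt"
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("cloak probe\n")
    try:
        by_name = os.path.exists(path)            # direct lookup by path
        in_listing = name in lister(directory)    # enumeration view
        return by_name and not in_listing
    finally:
        os.remove(path)                           # always clean up the probe


def simulated_cloaked_listing(directory):
    """Constructed stand-in for a filtered listing: drops $sys$ names."""
    return [n for n in os.listdir(directory) if not n.startswith(PREFIX)]


def run_checks():
    """Run the probe against the real listing and the simulated filter."""
    with tempfile.TemporaryDirectory() as d:
        return {
            "this_machine": cloak_check(d),
            "simulated_cloak": cloak_check(d, simulated_cloaked_listing),
        }


if __name__ == "__main__":
    for label, hidden in run_checks().items():
        print(f"{label}: {'HIDDEN from listing' if hidden else 'visible'}")
```

A result of "visible" for `this_machine` matches what the author saw on his own PC; it shows only that `$sys$` names are not being filtered from listings at the time of the check.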
