According to what I read at some of the links I have found all the cds that have this on it are marked.
Read this one http://www.groklaw.net/article.php?story=20051029224050493 Follow some of the links to other articles. PM Lyman wrote: > Dan, > I have a few questions re your post below. > > 1) You said not to put a cd in the cd drive of a Windows machine. Does that > mean not even to play it? > 2) I searched for any files w/ $sys$ in the name and did not find any. I > also did the test, creating a $sys$.txt file. It did not disappear when I > hit refresh. Are the $sys$ files installed by Sony's rootkit? > 3) You said if you do find a $sys$ file and remove it, it disallows access to > the cd drive. Why remove it, then? Does the $sys$ file prevent you from > ripping songs? > 4) Would an ordinary disc copy (not rip) be affected by the rootkit? > 5) Other than saying, don't put any Sony discs from up to 3 months old in > your computer, is there any way to detect the presence of rootkit software? > 6) Do you recommend downloading the software from Sophos on the link your > provided below? The site said "This version of the tool detects and disables > the Sony DRM cloaking copy protection technology (which Sophos refers to as > Troj/RKProc-Fam)." I haven't bought anything from Sony recently, and I > passed the test, so what would be the effect of running the tool on an > uninfected machine? Would it provide protection for the future in case I run > into the Sony rootkit? > > I buy cds all the time, and I usually rip them to mp3. I really appreciate > your heads-up. I definitely don't have time to rebuild my operating system > on a consistent basis. I'm thinking about just getting a ripper computer. > > Thanks. > PM Lyman > > ----- Original Message ----- > From: Dan Fuller > To: budheads ; [EMAIL PROTECTED] ; The Onion ; radiohum ; sat_dx ; > satellitetv ; sftvnews ; sftvtalk ; Tom & Darryl ; TVRO > Sent: Thursday, November 10, 2005 5:04 PM > Subject: [TVRO] [Whitmores_Announcements] BMG (Sony) RootKit on some audio > CDs > > From another list: This is OT for some of the lists but very important to > pass > along. > [Whitmores_Announcements] BMG (Sony) RootKit on some audio CDs > > Greetings: > > I have been watching and reading about this for several days, > and feel it's time to spread the news. > > There is good news and bad news. The good news is I believe it affects > only Windows machines. > The bad news is all you have to do is play one of these audio CDs to > infect your machine. > > Sony/BMG music has put some software on some twenty of their new music > CDs, intended to prevent casual copying. In itself, that is not such a > bad thing. The problem is twofold: > > 1) The software, knows as a rootkit, hides itself, and any file with > $sys$ as the first part of its name, so users cannot find it using any > standard means, such as Windows Explorer or virus/spyware scanners. > There are rootkit revealers that will find it. > > 2) If you do find it, and successfully remove it, it almost always > breaks access to the system's CDROM drive(s), and no one has found a > fix, short of rebuilding the Windows operating system. > > The real bad news is that as expected, virus writers didn't waste any > time developing Trojan horse programs that exploit this > vulnerability/feature. > > See: http://www.sophos.com/pressoffice/news/articles/2005/11/stinxe.html > > Wherein find: > > <snip> > Trojan horse exploits Sony DRM copy protection vulnerability > Sophos issues tool to detect and disable "cloaking" flaw exploited by > Trojans Music CD > The Trojan horse exploits a vulnerability introduced by Sony's CD copy > protection software. > > Experts at SophosLabsT, Sophos's global network of virus and spam > analysis centres, have detected a new Trojan horse that exploits the > controversial Sony DRM (Digital Rights Management) copy protection > included on some of the music giant's CDs. > > The Troj/Stinx-E Trojan horse appears to have been deliberately spammed > out to email addresses, posing as a message from a British business > magazine. > > Typical emails look as follows: > > Subject: Photo Approval Deadline > > Message body: > Hello, > Your photograph was forwarded to us as part of an article > [truncated] > > </snip> > > There's lots more reading at: > http://www.theregister.co.uk/2005/11/10/sony_sued_for_rootkit/ > > I do not yet have a list of titles with the software on them, but the > new Van Zant album is one mentioned. > > Bottom line: If you have any relatively new audio CDs made by Sony/BMG > (Say, less than three months old) DO NOT put them into any Windows based > PC. If you already have, don't panic. The known effects are to break the > system's ability to copy CDs, and the potential for getting a Trojan on > your machine. Remember that removing the rootkit will almost certainly > break your ability to use the CDROM drive(s). > > Let me know if you have a machine that may be infected. > One quick test that may work, is to make a text file, and name it $sys$.txt > See if it disappears as soon as refresh the folder. I tried this on my > machine, > and the file remained visible. Let me know if you have a machine that > fails this test. > > Paul > > Community email addresses: > Post message: mailto:[email protected] > Subscribe: mailto: [EMAIL PROTECTED] > Unsubscribe: mailto:[EMAIL PROTECTED] > List owner: mailto:[EMAIL PROTECTED] > Shortcut URL to this page: > http://www.groups.yahoo.com/group/TVRO > > ------------------------------------------------------------------------------ > YAHOO! GROUPS LINKS > > a.. Visit your group "TVRO" on the web. > > b.. To unsubscribe from this group, send an email to: > [EMAIL PROTECTED] > > c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. > > ------------------------------------------------------------------------------ > > [Non-text portions of this message have been removed] > > > Community email addresses: > Post message: mailto:[email protected] > Subscribe: mailto: [EMAIL PROTECTED] > Unsubscribe: mailto:[EMAIL PROTECTED] > List owner: mailto:[EMAIL PROTECTED] > Shortcut URL to this page: > http://www.groups.yahoo.com/group/TVRO > > Yahoo! Groups Links > > > > -- Bumper sticker of the year: If you can read this, thank a teacher....and since it's in English, thank a soldier." ------------------------ Yahoo! Groups Sponsor --------------------~--> Get fast access to your favorite Yahoo! Groups. Make Yahoo! your home page http://us.click.yahoo.com/dpRU5A/wUILAA/yQLSAA/EyMolB/TM --------------------------------------------------------------------~-> Community email addresses: Post message: mailto:[email protected] Subscribe: mailto: [EMAIL PROTECTED] Unsubscribe: mailto:[EMAIL PROTECTED] List owner: mailto:[EMAIL PROTECTED] Shortcut URL to this page: http://www.groups.yahoo.com/group/TVRO Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/TVRO/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
