Re: speaking of rootkits
- From: "birchr" <rgb_removethis@xxxxxxxx>
- Date: Fri, 11 Nov 2005 23:49:33 -0500
At the risk of possibly repeating an earlier posting ...
----------------------
Sophos has issued a tool which will detect the existence of Sony's DRM
copy-protection on Windows computers, disable its "cloaking" function, and
prevent that functionality from re-installing. The tool also detects
versions of the Troj/Stinx Trojan horse which exploit the Sony
vulnerability.
Troj/RKProc-Fam and Troj/Stinx disinfection instructions
http://www.sophos.com/support/disinfection/rkprf.html
------------------
I've downloaded and virus-checked the RKPRFGUI file - no problems. I've run
it, and the results are below FYI only. Admittedly, I don't use my computer
to play CDs, so I didn't expect to have the tool find anything. A screen
shot of the util is also included. Scanning two 40-gig drives took 5
minutes.
RESOLVE Version 1.07
Copyright (c) 2004, Sophos Plc, www.sophos.com
System disinfection for Troj/RKProc-Fam
Data Version 1.01
System scan started at 22:01 on 11 November 2005
Checking services
Checking for files affected by Troj/RKProc-Fam
Scanning C:
Scanning D:
Scanning E:
Checking for Troj/RKProc-Fam in memory
Scanning C:
Scanning D:
Scanning E:
Checking for registry keys affected by Troj/RKProc-Fam
System scan finished at 22:06 on 11 November 2005
--
Randy Birch
MS MVP Visual Basic
http://vbnet.mvps.org/
----------------------------------------------------------------------------
Read. Decide. Sign the petition to Microsoft.
http://classicvb.org/petition/
----------------------------------------------------------------------------
"Sparky Spartacus" <Sparky@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:gX1bf.528$oP5.156@xxxxxxxxxxx
: washingtonpost.com
:
: Study of Sony Anti-Piracy Software Triggers Uproar
: File-Hiding Technique Alarms Security Researchers; Developer Offers Patch
:
: By Brian Krebs
: washingtonpost.com Staff Writer
: Wednesday, November 2, 2005; 6:50 PM
:
: Irate music fans who posted to dozens of online blogs vowing to never
: again buy Sony CDs as long as the company keeps using a suddenly
: beleaguered anti-piracy software program may find that their outbursts
: have been partially rewarded today.
:
: On the heels of the Internet uproar over security concerns with its
: copyright-protection measures, the company that developed the software
: for recording-industry giant Sony BMG Music Entertainment says it is
: providing computer users with a "patch file" that will mitigate some of
: the features that alarmed security researchers when they were discovered
: earlier this week -- especially the program's built-in ability to hide
: files on the user's system.
:
: Privacy and security experts charged that the technology built into many
: of Sony's music CDs since March is unnecessarily invasive and exposes
: users to threats from hackers and virus writers.
:
: "Here you have one of the biggest name-brand corporations on the planet
: getting into what many people in other circumstances would consider
: hacking," said Richard Smith, a security and privacy consultant based in
: Boston. "That's just not acceptable."
:
: Earlier this week, computer security researcher Mark Russinovich
: published an analysis showing that some new Sony CDs install software
: that not only limits the copying of music on the discs, but also employs
: programming techniques normally associated with computer viruses to hide
: from users and prevent them from removing the software.
:
: Russinovich's findings -- posted on the Web site
: (http://www.sysinternals.com/) that he runs with another researcher --
: indicated that the CDs in question use software techniques that behave
: similarly to "rootkits," software tools that hackers can use to maintain
: control over a computer system once they have broken in.
:
: He found that traditional methods of uninstalling the program would not
: work, and that attempts at removing it corrupted the files needed to
: operate his computer's CD player, rendering it useless.
:
: Sony spokesman John McKay said the technology has been deployed on just
: 20 titles so far, but that the company may include it on additional
: titles in the months ahead.
:
: The music industry is aggressively defending its works from Internet and
: other forms of piracy, going so far as to sue individuals alleged to be
: trading large numbers of song titles online. The industry loses roughly
: $4.2 billion worldwide to piracy each year, according to the Recording
: Industry Association of America.
:
: Russinovich discovered that the techniques employed by the Sony program
: to conceal its files from the user and to make them harder to remove
: could also be used by virus writers and hackers to hide malicious files
: on any computer running the anti-piracy program.
:
: In response to criticisms that intruders could take such advantage,
: First4Internet Ltd. -- the British company that developed the software
: -- will make available on its Web site a software patch that should
: remove its ability to hide files, chief executive Mathew Gilliat-Smith
: said.
:
: Russinovich called the offer of a patch "backpedaling and damage control
: in the face of a public-relations nightmare" and emphasized that users
: who try to remove the files manually after applying the fix will still
: ruin their CD-Rom drives.
:
: Sony's move is the latest effort by the entertainment companies to rely
: on controversial "digital rights management" (DRM) technologies to
: reverse a steady drop in sales that the industry attributes in large
: part to piracy facilitated by online music and movie file-sharing
: networks like Kazaa and Limewire.
:
: DRM technologies by their very nature need to be secretive, according to
: Peter Ullman, a partner with Woodcock Washburn, a Philadelphia law firm
: that specializes in intellectual property matters.
:
: "If the software is put there to protect valuable content from being
: misused, then the software has to be able to protect itself from being
: subverted, so the companies that produce this security technology tend
: not to want to publicize how their technology works," Ullman said.
:
: At issue is whether Sony has provided customers with adequate notice
: about what they can expect when installing the software, said Ari
: Schwartz, deputy director of the Washington-based Center for Democracy
: and Technology.
:
: "Sony needs to be more transparent in how and what they're installing so
: that consumers can make informed decisions," Schwartz said.
:
: Windows users cannot listen to tracks on the CD without agreeing to
: install the anti-piracy program, which merely advises that "it will
: install a small proprietary software program" that will remain there
: "until removed or deleted."
:
: But according to Mikko Hypponen, director of research for Finnish
: antivirus company F-Secure Corp., users who want to remove the program
: may not do so directly, but must fill out a form on Sony's Web site,
: download additional software, wait for a phone call from a technical
: support specialist, and then download and install yet another program
: that removes the files.
:
: Hypponen agreed that Sony's software could help hackers circumvent most
: antivirus products on the market today. He added that installing the
: Sony program on a machine running Windows Vista -- the beta version of
: the next iteration of Microsoft Windows -- "breaks the operating system
: spectacularly."
:
: While the anti-piracy software allows consumers to make a limited number
: of additional copy-protected discs, it also imposes compatibility and
: portability constraints. Users of Apple Inc.'s iPod -- the dominant
: portable media player on the market -- have no way of transferring
: tracks from protected Sony CDs to their device, since Apple has not yet
: licensed its own DRM technology for use with copy-protected discs.
:
: "We're still in this new digital era where the entertainment industry
: wants to protect ... their content, without due consideration of the
: consumer's right to use that content in a fair way," Russinovich said.
: "We need to have an open discussion as to where we should draw the line."
:
: David Eisner, a blogger and software developer at the University of
: Maryland's Computer Aided Life Cycle Engineering Center, believes the
: record label's actions will ultimately backfire and drive otherwise
: legitimate customers to download pirated music from the online
: file-sharing networks.
:
: "The people they're trying to stop from stealing their music are always
: going to find a way around these types of technologies," Eisner said.
: "Sony is just hurting people who obtain their products legally, and many
: of these same people are now going to think twice about doing so."
: © 2005 Washingtonpost.Newsweek Interactive