[OT] Sony music installs secret malware gateway

Richard Gaskin ambassador at fourthworld.com
Fri Nov 11 01:23:36 CST 2005

We were recently discussing the pros and cons of Windows auto-run files 
for CDs.  It turns out that the biggest threat isn't some 14-year-old 
with a grudge -- it's one of the world's largest corporations:

Posted on Thu, Nov. 10, 2005
Viruses exploit Sony CD copy-protection scheme

SAN JOSE, Calif. (AP) - A controversial copy-protection program that 
automatically installs when some Sony BMG audio CDs are played on 
personal computers is now being exploited by malicious software that 
takes advantage of the antipiracy technology's ability to hide files.

The Trojan horse programs -- three have so far been identified by 
antivirus companies -- are named so as to trigger the cloaking feature 
of Sony's XCP2 antipiracy technology. By piggybacking on that function, 
the malicious programs can enter undetected, security experts said Thursday.

``This could be the advanced guard,'' said Graham Cluley, senior 
technology consultant at the security firm Sophos. ``We wouldn't be 
surprised at all if we saw more malware that exploits what Sony has 

The copy protection program is included on about 20 popular music 
titles, including releases by Van Zant and The Bad Plus, and disclosure 
of its existence has raised the ire of many in the computing community, 
who consider it to constitute spyware.

Sony BMG Music Entertainment and the company that developed the 
software, First 4 Internet, have claimed that the technology poses no 
security threat. Still, Sony posted a patch last week that uncloaks 
files hidden by the software.

On Thursday, Sony released a statement ``deeply regretting any 
disruption that this may have caused.'' It also said it was working with 
Symantec and other firms to ensure any content-protection technology 
``continues to be safe.''

Neither Sony spokesman John McKay nor First 4 Internet CEO Mathew 
Gilliat-Smith returned messages seeking additional comment.

Windows expert Mark Russinovich discovered the hidden copy-protection 
technology on Oct. 31 and posted his findings on his Web log. He noted 
that the license agreement that pops up said a small program would be 
installed, but it did not specify it would be hidden.

Manual attempts to remove the software can disable the PC's CD drive. 
Sony offers an uninstallation program, but consumers must request it by 
filling out two forms on the Internet.

``What they did was not intentionally malicious,'' Cluley said. ``If 
anything, it was slightly inept.''

The copy-protection software, which Sony says is a necessary ``speed 
bump'' to limit how many times a CD is copied, only works on 
Windows-based PCs. Users of Macintosh and Linux computers are not 

The viruses also only target Windows-based machines.

The infection opens up a backdoor, which could be used to steal personal 
information, launch attacks on other computers and send spam, antivirus 
companies said.

More at slashdot:

  Richard Gaskin
  Fourth World Media Corporation
  Ambassador at FourthWorld.com       http://www.FourthWorld.com

More information about the use-livecode mailing list