Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sony Rootkit CD providers!

xtracto (837672) writes | more than 8 years ago

User Journal 44

Update, November 17:
Sony has made available an official list of the CD's that contain the XCP copy protection. The list can be read HERE.

As stated on the story: Sony DRM Installs a Rootkit, it seems that some of Sony's disks install a rootkit on your system after you try to listen them on your PC.

Why does it matter?

Update, November 17:
Sony has made available an official list of the CD's that contain the XCP copy protection. The list can be read HERE.

As stated on the story: Sony DRM Installs a Rootkit, it seems that some of Sony's disks install a rootkit on your system after you try to listen them on your PC.

Why does it matter?

A rootkit is A type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It runs at the lowest level of the machine and typically intercepts common API calls."

It is dangerous because hackers and virus writers can use it to help the attacker [hacker] to maintain his or her access to the system and use it for malicious purposes

On this page one of the developers at SysInternals explains what and how is the rootkit installed WITHOUT ASKING YOU when you insert any of the affected AUDIO CD's to play them on your computer running WINDOWS

Which CD's?
I have made a list of the CD's that are "Enhanced" and "Copy Protected" from sony with the XCP copy protection that provides a Rootkit.

It is easy to get an "up to date" list with
this google query.

The list of CD's so far are:
Nothing Is Sound. Switchfoot
Unwritten [CONTENT/COPY-PROTECTED CD] [ENHANCED]
Natasha Bedingfield

Ride [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Shelly Fairchild
12 Songs [CONTENT/COPY-PROTECTED CD]
Neil Diamond
Touch [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Amerie
Bloom Remix Album [CONTENT/COPY-PROTECTED CD] [ENHANCED]
Sarah McLachlan
Kasabian [CONTENT/COPY-PROTECTED CD]
Kasabian
The Essential Pete Seeger [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD] [ORIGINAL RECORDING REMASTERED]
Pete Seeger
Jeru [CONTENT/COPY-PROTECTED CD] [ENHANCED] [ORIGINAL RECORDING REMASTERED]
Gerry Mulligan
Times Like These [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Buddy Jewell,
Bob Brookmeyer & Friends [CONTENT/COPY-PROTECTED CD] [ORIGINAL RECORDING REMASTERED]
Bob Brookmeyer
Healthy In Paranoid Times [CONTENT/COPY-PROTECTED CD] [ENHANCED]
Our Lady Peace
Cautivo [CONTENT/COPY-PROTECTED CD] [DUALDISC]
Chayanne
The Invisible Invasion [CONTENT/COPY-PROTECTED CD]
Coral, The Coral
Defined [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Amici Forever
Suspicious Activity [CONTENT/COPY-PROTECTED CD] [ENHANCED]
The Bad Plus
Manhattan Symphonie [CONTENT/COPY-PROTECTED CD] [ORIGINAL RECORDING REMASTERED]
Dexter Gordon
Phantoms [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
Acceptance
On Ne Change Pas [CONTENT/COPY-PROTECTED CD]
Celine Dion

Get Right with the Man [CONTENT/COPY-PROTECTED CD]
Van Zant
To Love Again [CONTENT/COPY-PROTECTED CD] [ENHANCED]
Chris Botti
Life [CONTENT/COPY-PROTECTED CD] [DUALDISC]
Ricky Martin
The Essential Dion [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD] [ENHANCED] [ORIGINAL RECORDING REMASTERED]
Dion
Faso Latido [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD]
A Static Lullaby
Change It All [CONTENT/COPY-PROTECTED CD]
Goapele

Susie Suh [CONTENT/COPY-PROTECTED CD]
Susie Suh

My Very Special Guests [CONTENT/COPY-PROTECTED CD] [CONTENT/COPY-PROTECTED CD] [ORIGINAL RECORDING REMASTERED]
George Jones

Broken Valley [CONTENT/COPY-PROTECTED CD]
Life of Agony
Silver's Blue [CONTENT/COPY-PROTECTED CD] [ENHANCED] [ORIGINAL RECORDING REMASTERED]
Horace Silver
Z [CONTENT/COPY-PROTECTED CD] [ENHANCED]
My Morning Jacket
The 60s [CONTENT/COPY-PROTECTED CD]
The Dead 60s

What Can I do?
It is important to note that if you have tried to listen any of the above mentioned CD's your computer may have the rootkit installed. Hence, your system may be in danger of being hacked.

If you feel outraged because of this, you can write to the artists and complain about the problem. Tell them that their CD breaks your system as it opens a security hole.

If you think that there are other CD's which should be on this list please feel free to list them in a comment, also if you think any of the listed CD's DOES NOT actually have this problem please also state it in a comment.

Thank you!.

UPDATE:
November, 07. 2005

Mark Russinovich has posted a new entry on his blog showing some quite interesting and not less nasty behaviours of the fix "patch" provided by sony.

I found very interesting some of the comment posts in response of its blog entry. Specifically the one made by an author named xcp support who presumably represent the company behind the XCP technology.

On that post she states the following:

Blog: He claims that the patch itself could cause a blue-screen, although he says the risk is small.

Answer: This is pure conjecture. F4I is using standard Windows commands (net stop) to stop their driver. Nothing more.

There, she is trying to discredit the information provided by Russinovich's work. Stating that the program uses "standard windows commands". While that is certainly true, Russinovich shown on his post the specific state of the system that would cause the system failure.

Now, more interesting is a post from another user, Matt Nikki: ...If you want a more concrete proof, try to rename your favourite ripping software as $sys$whatever.exe and then run it again. You'll notice that the DRM system can no longer detect it, and thus you'll get good copy of the track you try to rip instead of one filled with noise.

So, that means that if someone wanted to make illegal copies of the CD's listed before, they just needed to rename one file!. Thus, at the very end it is Sony's technology who is providing the means to bypass its own copy protection technology.

People won't need to disassemble or hack/crack and or reverse engineer anything. Just rename a simple file.

Ironic no?

List Update
Anyway, here is an update of the list as of today.
For those who asked, no the links above aren't any kind of referral links. This means I will not get any money if anyone clicks those links and/or buy those CDs.

To make this list I am only making a google search as I stated before and then manually parsing the entries.

Life In Slow Motion David Gray
Elizabethtown [SOUNDTRACK] Various Artists
Golden Elkland
Aha Shake Heartbreak Kings of Leon
Unfabulous And More: Emma Roberts [ENHANCED] Emma Roberts
Vivian Vivian Green
Dreamin' My Dreams [ENHANCED] Patty Loveless
Mary Mary [ENHANCED] Mary Mary
Never Gone Backstreet Boys
Aha Shake Heartbreak Kings of Leon
Friendship [ORIGINAL RECORDING REMASTERED] Ray Charles
Juego De Amor [Copy Protected CD] ~ Antony Santos
On Your Shore Charlotte Martin
Brown Sugar Various Artists
Blue Skies Diana DeGarmo
I'm a Hustla [EXPLICIT LYRICS] Cassidy
Hero Kirk Franklin
All That I Am Santana

List last updated:
November, 09. 2005 (13:08 GMT)
(The most up to date list can be found HERE)

cancel ×

44 comments

Sorry! There are no comments related to the filter you selected.

thanks (1)

shams42 (562402) | more than 8 years ago | (#13932771)

Thank you so much for doing this!

typos discredit your cause (1, Insightful)

Fahrvergnuugen (700293) | more than 8 years ago | (#13932831)

brakes != breaks

Re:typos discredit your cause (1)

burden123 (535350) | more than 8 years ago | (#13950448)

who besides yourself has time to notice crap like that?

Re:typos discredit your cause (0)

Anonymous Coward | more than 8 years ago | (#13952516)

Hopefully anyone who can read English notices when it's been slaughtered. There's no excuse for not knowing your native language. It's especially shameful when your employment is based on it.

Re:typos discredit your cause (2, Funny)

xtracto (837672) | more than 8 years ago | (#13968609)

There's no excuse for not knowing your native language.

Unforunately for the grammar Nazi inside you, English is not my native language.

Mas sería interezante ver que tanto dominas otro lenguaje que no sea Inglés.

Re:typos discredit your cause (1)

mfarah (231411) | more than 8 years ago | (#13998766)

"Mas sería interezante ver que tanto dominas otro lenguaje que no sea Inglés."

How about "Sería interesante ver cuánto dominas un lenguaje que no sea inglés"?

Oh well... I've become one of those> .

Re:typos discredit your cause (0)

Anonymous Coward | more than 8 years ago | (#13999263)

Xtracto, the correct term is "interesante" with S instead of Z :P

Re:typos discredit your cause (0)

Anonymous Coward | more than 8 years ago | (#13997251)

Any English-speaker with more than an elementary school education?

Idiot.

Re:typos discredit your cause (1)

BobPaul (710574) | more than 8 years ago | (#13998860)

who besides yourself has time to notice crap like that?

Time? I don't think anyone who points out grammatical and spelling errors has to read the passage slowly or multiple times. These things stick out like purple giraffes to many people and are noticed on the first read only. Thus, if you read the passage, you spent the same amount of time noticing mistakes as the grammar nazi who pointed it out... he just did a better job ;p

The artists have little to no say in the matter (2, Interesting)

Bill Hayden (649193) | more than 8 years ago | (#13933605)

You mention that we should contact the artists. Switchfoot have very publicly stated that a) they are unhappy about the DRM, b) that they were unaware that it would be on there, c) that they can't really do anything about it. Artists are pretty powerless in the grand scheme of music distribution.

Re:The artists have little to no say in the matter (1)

dubiousmike (558126) | more than 8 years ago | (#13934695)

That's fine, but at leastthey are aware now. It would be cool if some of the larger Sony artists would force Sony to keep their root kit out of their work in future releases.

Please (1)

SPYvSPY (166790) | more than 8 years ago | (#13936126)

I hear this all the time. Artists are not powerless against the music publishing/distro business. Think about it: if artists don't make music, there's nothing to distribute. The real problem is that music publishing/distro has reduced artists to fungible goods by ensuring that artist management, lawyers and producers are in collusion to rob the artist of their leverage. Most artists (esp. those new to the business) are just too niave for their own good. If they bothered to defend themselves properly, or if they hired someone to do that, they wouldn't be so screwed. Hell, all most bands need to do is refrain from signing the A&R dude's deal memo. It's such a cop out to pretend that artists don't have a responsibility to avoid bad deals.

Re:Please (1)

noigmn (929935) | more than 8 years ago | (#13994404)

Artists also have a lot more media power than the record companies. The public likes artists and hates record companies, so where do you think the public are going to side if the artists decide to make a stand? And as much as the companies think they are above public opinion, they aren't. If they lose the siding of the public in large enough proportions, the laws they misuse get ammended, no artists sign with them and no one buys their goods.

Re:The artists have little to no say in the matter (0)

Anonymous Coward | more than 8 years ago | (#13997157)

Pff... you throw a six figure+ contract in my face and ask to sign the line. The furthest thing from my mind is that the CD could possibly leave some Windows machine vulnerable. Aside from ripping, who listens to CDs in their computer?

Get a stereo.
You could always stick with vinyl. It sounds better anyway. :)

Re:The artists have little to no say in the matter (0)

Anonymous Coward | more than 8 years ago | (#13999928)

You're absolutely right. Unfortunately, these artists are every bit the victim we are - probably more. Now that I see which artists are on the Sony label, I'll know not to buy their CDs. The iTunes music store, is an exception, mind you =) But in the grand scheme of things, these artists are losing what little money they do make from CD sales because the name "Sony" is on their label.

Despite the list, the only real safe way to keep a rootkit off your PC (*cough* so glad I use a Mac *cough*) is to simply not buy anything that says "Sony". And because of that simple fact, these well-deserving artists will not see the true fruits of their labor.

are those referral links? (0)

Anonymous Coward | more than 8 years ago | (#13935555)

Don't buy these CD's -- here's a referral link!

Re:are those referral links? (1)

AaronCampbell (826767) | more than 8 years ago | (#13998186)

No, amazon referral links have the amazon associate ID in them. A referral like looks like this (bold part makes it a referral link:
http://www.amazon.com/exec/obidos/ASIN/B0009XT8Y2/ giftlistusa-20 [amazon.com]
His links look like this:
http://www.amazon.com/exec/obidos/tg/detail/-/B000 9XT8Y2/102-5413961-8783357?v=glance [amazon.com]
or this:
http://www.amazon.com/exec/obidos/ASIN/B0009XT8Y2 [amazon.com]
Notice the lack of an associate ID (afaik, they always end in -20, but even so, it's obviously missing)?

Possible Rootkit CD (1)

fondy44 (928277) | more than 8 years ago | (#13944778)

Dave Matthews Band - Stand Up

Re:Possible Rootkit CD (1)

MonkeyCoder99 (928468) | more than 8 years ago | (#13950331)

Dave Matthews Band - Stand Up does not include the Rootkit software. The software on the CD is from a different company "Sunncomm"

Oh no! My ears! (1)

The Angry Mick (632931) | more than 8 years ago | (#14001623)

The software on the CD is from a different company "Sunncomm"

Uh oh. That's the same company that recently denied they were planning on developing a DRM kit that would shatter the eardrums [theregister.co.uk] of those evil P2P downloaders. Hope they're telling the truth . . . ;-)

Something else you can do (1)

msouth (10321) | more than 8 years ago | (#13948092)

I followed your link to amazon.com for one album and marked all the reviews that mentioned the DRM problem as "helpful". They are already running so high that they come up first, but it would be good to make sure it stays that way.

what you can do (0)

Anonymous Coward | more than 8 years ago | (#13950393)

turn off autorun already, you tards.

The Above List (2, Interesting)

Sevnn (824266) | more than 8 years ago | (#13955477)

The Above List can be compared and will be identical to the list of cd's that I will never buy for any reason. Sony was collectively stupid for thinking that this software would not be discovered. I do feel sorry for any artist who has signed with Sony and was not made aware of this sort of devious business practices. I hope they are able to leverage their contacts against Sony for possible lost sales or some manner of misrepresentation.

http://www.pcworld.com/news/article/0,aid,123432,0 (0)

Anonymous Coward | more than 8 years ago | (#13956693)

You're famous.

Sony and others don't care - they wish CD died (2, Insightful)

Ron Bennett (14590) | more than 8 years ago | (#13956695)

Sony and other labels don't seem to care much about public perception - it's very telling how Sony released a "patch" that doesn't remove any of the copy protection, but simply "reveals" the files; are working with various anti-virus software companies to ensure such files are skipped and not labeled as a trogan, which of course it actually is.

Perhaps many of the music labels wish the music CD format would die and be replaced with something else - embedding "trojans" is definitely speeding up the music CDs demise ...

And in the longrun that will hurt the labels - even now with all the on-line music options, many people still buy music CDs because they are simple to buy, familiar, easy of use, etc ... and likely would continue do so for many years - but with such trojan nonsense, that could be in doubt ... people in droves will stop buying them if they believe such products won't work properly / damage their computer.

Ron

Re:Sony and others don't care - they wish CD died (0)

Anonymous Coward | more than 8 years ago | (#14005543)

I'm not buying anything until I know this is all sorted out!

Anonymous Coward

Here's another CD to add to the list: (0)

Anonymous Coward | more than 8 years ago | (#13964089)

The CD "Z" by My Morning Jacket

Similar Search (1)

llbbl (822233) | more than 8 years ago | (#13966739)

Searching Amazon with similar search [google.com] as the one you have posted returns slightly more CD's. 44 results instead of 36 as of today.

I guess Matt Nikki can prepare to be DMCAed (0)

Anonymous Coward | more than 8 years ago | (#13991413)

That file renaming sure seems like disseminating a anti-copy circumvention technique. Geez, the DMCA suit surely cannot be far behind, right Sony?

ADVERTISEMENT: Sony Class Action Lawsuit (4, Interesting)

1to1law (929883) | more than 8 years ago | (#13992230)

If you are a resident of California and/or have purchased one of the Sony/Columbia music CDs with the First 4 Internet DRM schemes in California, please contact me at eleeAT1to1lawDOTcom. Please SAVE your receipt and if possible, take a screenshot of the CD playing software installed on your computer. I'm an attorney in Los Angeles, California and I'm investigating bringing a class action lawsuit against Sony. The foregoing is an ADVERTISEMENT. I am licensed to practice law in the jurisdictions of California and New York only.

Don't forget about Sony's BMG label too! (1)

GeeBee75 (871772) | more than 8 years ago | (#13993504)

Another CD: (This one got me dammit!) Nickelback - All The Right Reasons This practice is criminal and should be outlawed. How dare Sony think they have the right to install software on my computer secretly that I can't remove. To hell with their IP rights - what about the rights of consumers!

Re:Don't forget about Sony's BMG label too! (1)

GeeBee75 (871772) | more than 8 years ago | (#13994105)

Seems I got my labels crossed. Although the aformentioned Nickelback CD is protected, its not a Sony label its EMI. EMI claims that their software is not installed without user permission (although I don't recall giving permission) and that it can be removed. More here -> www.emimusic.info Sony still sucks for using a kernel hack for their stuff though.

Has anyone spelunked SONY DVDs for more RKs? (0)

Anonymous Coward | more than 8 years ago | (#13993731)


I haven't, to my knowledge, played any of the "infested" SONY/BMG music CDs on any computers I associate with; so I am not able to independently conduct further investigations in the role of a SONY-First4Internet victim...

But it is very clear from SONY/BMG's so-called "FAQ" that the *defacto malware* they install is a "media player" and not merely an audio/CD player.

This then begs the question of whether or not the SONY-First4Internet rootkit (or any variation, carrying the same end result of system compromise) co-infests any of SONY's massive DVD offerings.

I am being an Anonymous Coward here, because I do not want to place myself as an open target on any "SONY Consumer Blacklist" -- yes, they absolutely do maintain that sort of thing.

Re:Has anyone spelunked SONY DVDs for more RKs? (1)

The Wicked Priest (632846) | more than 8 years ago | (#13996867)

A lot of recent DVDs I've gotten want to install something. I dunno what; I don't let them. But they pop up a notice asking for Administrator access, so they can install. (I run as Limited. I should also turn off autorun, I know.)

I'll try to remember to keep track of who's doing it in the future.

You... (1)

Short Circuit (52384) | more than 8 years ago | (#13996888)

...are about to get more comments in your journal than you've probably had before.

There's a Slashdot article linking to it, posted in the Mysterius Future.

Foo Fighters album DOES NOT use rootkit (0)

Anonymous Coward | more than 8 years ago | (#13998190)

It's worth pointing out that the Foo Fighters album referenced above uses the Sunncomm "copy protection" scheme, and not Sony's rootkit. Disabling autorun will prevent it from installing its software, enabling the use of iTunes or EAC to extract the disc for backup. Or, if you have a Mac, do nothing. The discs work perfectly fine.

What kills me is they put a label on the disc which says that you MUST have a special player for computers, and they point Mac users to a website to download one. Do they really expect people to be that stupid? iTunes works just fine, and I was able to make a copy, erm BACKUP, yes... of the album without difficulty.

Re:Foo Fighters album DOES NOT use rootkit (1)

xtracto (837672) | more than 8 years ago | (#13998382)

fixed, thank you for your support!

Add to the list: (1)

Nitemare409 (930082) | more than 8 years ago | (#13998562)

Something to Be Proud Of - Montgomery Gentry

Re:Add to the list: (1)

saskboy (600063) | more than 8 years ago | (#14002080)

" Something to Be Proud Of "

I bet Montgomery and Gentry aren't too proud of this. Oh the irony. Van Zant's "Get Right with the Man" is pretty ironic too, although they are talking about God as the Man, not Big Brother.

Re:Add to the list: (1)

Nitemare409 (930082) | more than 8 years ago | (#14003060)

Well their answer email was not stellar, but it is one of the people working for them: Reply email from Montgomery Gentry re DRM: Thanks for taking the time to send your complaint. I have forwarded it onto management and Sony music. Thanks,

Re:Add to the list: (1)

RocketJeff (46275) | more than 8 years ago | (#14004767)

An interesting point is that 'Something to be Proud Of' is available on the iTunes store. At $9.99 on the iTunes store it's cheaper then the copy protected CD, it's easier to remove the DRM and you can't infect your Windows machine with a root-kit. Sounds like a winner all the way around...

Re:Add to the list: (1)

Nitemare409 (930082) | more than 8 years ago | (#14005160)

True enough but at Circuit City where I bought it, I also got a 12 song sampler (more popular country music) so it was worth slightly more than the $11.99 I paid for mine.

Heads up (1)

DopplerDeffect (930163) | more than 8 years ago | (#14001476)

XCP != Sunncomm's MediaMax

another artist and cd to add (1)

somer78a (930382) | more than 8 years ago | (#14009785)

Velvet Revolver - Contraband. This is under the RCA label which is a unit of BMG. The writing on the packaging indicates this. Unfortunately, last year when I purchased the cd, I had no idea that playing the disc on my PC and agreeing to the EULA installation was going to cause so many issues.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>