Don't Buy Sony Music CDs -- Installs rootkits

In continuation of Finks last post...

Quote:

---

Someone in the Netherlands did a decompile on the XCP rootkit that has gotten most of the attention lately. It seems that parts of the rootkit use the LAME mp3 encoder, which is licensed under the Lesser GPL. That means by delivering only an executable (the rootkit) without source or crediting, XCP violates the GPL Violating the GPL puts Sony at massive legal risk for—wait for it—copyright infringement.

---

http://www.security.ithub.com/articl...05dtx1k0000599

Ahhhhhhhhhhhhh, now wouldn't it just be nice if Sony was sued for hundreds of millions of $ for copyright infringement as well as by the consumers? :)

Thanks for the heads up! I did a scan on my system and didn't find any root kits. Here is a list of songs/albums with the rootkit on it.

Sony BMG CDs with XCP software
— Trey Anastasio, Shine (Columbia)
— Celine Dion, On ne Change Pas (Epic)
— Neil Diamond, 12 Songs (Columbia)
— Our Lady Peace, Healthy in Paranoid Times (Columbia)
— Chris Botti, To Love Again (Columbia)
— Van Zant, Get Right with the Man (Columbia)
— Switchfoot, Nothing is Sound (Columbia)
— The Coral, The Invisible Invasion (Columbia)
— Acceptance, Phantoms (Columbia)
— Susie Suh, Susie Suh (Epic)
— Amerie, Touch (Columbia)
— Life of Agony, Broken Valley (Epic)
— Horace Silver Quintet, Silver's Blue (Epic Legacy)
— Gerry Mulligan, Jeru (Columbia Legacy)
— Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
— The Bad Plus, Suspicious Activity (Columbia)
— The Dead 60s, The Dead 60s (Epic)
— Dion, The Essential Dion (Columbia Legacy)
— Natasha Bedingfield, Unwritten (Epic)
— Ricky Martin, Life (Columbia)

Please add the foo foo fighters and the dave mathews band to my list of infected CD's!

Also Sony has now made my ban list!

Seriously, Somebody needs to go to jail over this. I have read that the root kit causes Microsoft Media Center to crash completely with blue screens of death.

Even if Sony recalls the cd's which they are doing..... the damage is done. For me to take them off my ban list I would have to see a setelment of a substaintial amount for every person who purchased a cd or jail time for most of the BMG department heads.

Are you aware that even if you use the removal tool from Sony, it has been reported that your computer is still vulnerable to attack as it leaves a security hole. Thats just great!

Also the Microsoft Malicious Software Removal Tool is only for Win 2000 and above leaving many Win ME, and Win 98SE and below users open for attacks. This is not Microsofts Fault and we know who is at fault and they sould pay for this crime shouldn't they?

The more I read about this the sicker it gets!

I am very dissapointed in SONY!! It will be hard for me to get over this if at all! I even use a Sony Laptop too (PCG NVR-23)! Makes me sick it really does!

You can run a beta test scan on your computer for rootkits. Here is the link to Kaspery Labs http://www.f-secure.com/blacklight/try.shtml

Note: The F-Secure BlackLight Beta only works on 32-bit Windows 2000, Windows XP and Windows 2003 Server. The current F-Secure BlackLight beta does not work on Windows NT, 95, 98, ME, or 64-bit Windows.

A day late and a dollar short, Sony have now decided to actually recall and replace the affected CD's:

http://news.bbc.co.uk/1/hi/technology/4441928.stm

It also turns out that Sony has been doing some price fixing with the online vendors in the UK. No doubt it has also been occurring elsewhere as well. Sony was forcing the online vendors to add 10-15% onto the online prices for Sony products.

There was a time when Sony was known for top quality products, as in buy Sony or Panosonic. Those days are definitely gone for Sony, never to return again.

Linda

This site lists how to delete the XCP and directs you to a site to determine if you have it on your computer.

It also notes that you should not use IE if you have the XCP and have made it to at least step 2 of Sony's uninstall process as you leave yourself open to a malicious web page. Firefox does not seem to be affected..

http://www.freedom-to-tinker.com/?p927

Doc

Quote:

---

Originally Posted by LindaHewitt

It also turns out that Sony has been doing some price fixing with the online vendors in the UK. No doubt it has also been occurring elsewhere as well. Sony was forcing the online vendors to add 10-15% onto the online prices for Sony products.

There was a time when Sony was known for top quality products, as in buy Sony or Panosonic. Those days are definitely gone for Sony, never to return again.

Linda

---

I SO agree! And, it's not sufficient for Sony to "right the wrong" in this case, because the problem is only 1/2 that they DID it, and that it caused PROBLEMS... the other 1/2 is that they have this INTENT in the first place! I simply can't trust a company that thinks and makes decisions in that manner, regardless of outcome.

I'm DONE with Sony forever, and hope others will react the same way. :mad:

Quote:

---

I'm DONE with Sony forever, and hope others will react the same way.

---

Add my name to that list!...:mad:

Quote:

---

Originally Posted by SuperSparks

A day late and a dollar short, Sony have now decided to actually recall and replace the affected CD's:

http://news.bbc.co.uk/1/hi/technology/4441928.stm

---

Too late, yes, but its good to see them make a step in the right direction. Question is how they will act from now on. If they think the public will forget about this after their CD recalls, they are wrong. They still have a long way to go to right their wrongs.

I made the decision very quickly to never by Sony again when I first heard the news, right from the get-go.
But, it might go a long way in their recovery if they posted photos of the idiots they fired when said idiots realized that the jig was up!!! ;-)

From that link

Quote:

---

However, work by respected net expert Dan Kaminsky found that more than 500,000 networks have at least one machine on them using XCP.

Although the CDs containing XCP were only released in the US, Mr Kaminsky found that 44,000 copies were installed on machines in the UK.

---

How does this dude know that sort of information, does he hack into peoples networks ?

Also is 500,000 networks world wide because as a % or worldwide networks I reckon that would be pretty pathetic.

If he were to hack into 500,000 network, he'd probably be a bit busy. No idea how he could know that information. It may be BS. He might be trying to advertise himself.
Considering though, that around 2 million of the CDs were sold, 500,000 is a pretty high %.

He found the info by the simple expedient of querying the DNS cache of a largeish sample of networks. Any rootkit software that has phoned home will have the web address stored in its network DNS cache. As there is no reason fopr anyone to visit that site, it's a pretty sure bet that any visits to the site have been made by the rootkit and so he extrapolated the information from that.

Here's a good article on how Dan Kaminsky did it:

http://www.wired.com/news/technology...,69573,00.html