Security, Compliance & Awareness

Hacking Horror of the Month - Sony

This month's hack features one of the world's major music recording labels - Sony. It has been widely publicised over the past few weeks that Sony has been making use of techniques normally restricted to malware authors to install and hide copy protection software in the systems of people who purchase Sony CDs.

CDs from a number of manufacturers have been carrying copy protection software for some time now. Normally this copy protection is a simple autorun application, which presents the user with a media player and disables the use of the PC's CD drive by other audio applications. Sony, however, have decided to make use of a more insidious form of copy protection, and have been silently installing what has been described as a rootkit onto users' computers.

Sony's software monitors the use of certain copy protected CDs on the system, and enforces copy and file sharing rules over the CDs. There are a raft of ethical issues that Sony has arguably failed to consider when deciding to silently install software onto millions of people's computers. Ethical issues aside, however, what is the potential technical impact of Sony's move?

One of the rootkit's key features is the ability to hide files and processes. It does not take a lot of imagination to see that these are two features that are highly useful to other forms of malware (worms and spyware in particular). In fact, several different variants of malware have already been found in the wild that make use of the Sony rootkit to hide their own malicious activity.

Worse still, Sony released a 'patch' to their rootkit, which made use of an ActiveX control to remove parts of the rootkit. True to the form of the rest of this saga, the patch itself contained a number of serious security flaws, which could, amongst other things, allow an attacker to remove files from your system and to reboot your system without your permission, all through a webpage.

To their credit, Sony have now offered to replace all affected CDs free of charge, and have modified their rootkit 'patch' to repair some of the key security concerns. To find out more about the rootkit, and for information on seeing whether you have been affected, see the links of interest section.

See Also

  • http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
  • http://blog.sonymusic.com/sonybmg/archives/111505.html
  • http://www.eff.org/deeplinks/archives/004163.php

InfoAware

InfoAware is our training solution for User Awareness, IT Staff Awareness and Information Governance.  Covering all the relevant topics required by international standards such as ISO 17799, it comprises a multimedia Video/DVD and Learning Management System. 

InfoAware is easy to deploy over the Intranet and can be used for induction and refresher training courses.  InfoAware takes users through a multi-choice question and answer session on each topic and allows organisations to deploy additional training material and policy documents to all staff.

More details can be found at www.infoaware.com

Contact

Safecoms has operations in the UK and Australia, with representatives in the USA, Asia and the West of Scotland.

If you would like someone from Safecoms to contact you please email us at info@safecoms.co.uk