I’m sure we have all read about the Sony rootkit...
Now we have to worry about something as simple as playing a CD in your work computer.
[If not, below is a rundown...]
The part of this issue that interested me was that a First4Internet programmer, Ceri Coburn, asked, and was told, on an online forum how to do this.
I see threads in the forums on ‘iffy’ topics. Getting keypresses, capturing screens, etc.
I visited some of the sites, belonging to the posters, which related to ‘security’ and was not reassured.
Should we be spreading this kind of information around?
Should we be taking more care that the information is used responsibly?
Should we just ignore it, as the info is already out there?
Sysinternals has discovered a rootkit in the media player that comes with copy-protected CDs from Sony BMG and Universal.
The 'patch' is just a PR exercise. It does not actually remove the rootkit, just its 'cloaking', and in fact adds files to the DRM.
According to Sysinternals' Mark Russinovich's blog, XCP:
- scans the executables corresponding to the running processes on the system every two seconds
- degrades system performance 24/7 (not just when the media player is in use)
- uses misleading names such as "Plug and Play Device Manager" to deceive users into thinking it's a legitimate part of Windows
- tampers with the low-level operation of the system, causing stability and compatibility problems
- installs hooks and filters, making it difficult to uninstall without breaking Windows
It has also been discovered that the DRM calls home as well.
Here is the programmer asking for help on a forum.
Computer Associates declare it a trojan