Thread: SONY RootKit programmer got info from an Online Forum.

  1. #1
    train spotter
    Join Date
    Aug 2001
    Location
    near a computer
    Posts
    3,868

    SONY RootKit programmer got info from an Online Forum.

    I’m sure we have all read about the SONY rootkit……
    Now we have to worry about something as simple as playing a CD in your work computer.
    [If not, below is a rundown……]

    The part of this issue that interested me was that First4Internet programmer, Ceri Coburn, asked, and was told, on an online forum how to do this.

    I see threads in the forums on ‘iffy’ topics. Getting keypresses, capturing screens etc.

    I visited some of the sites, belonging to the posters, which related to ‘security’ and was not reassured.

    Should we be spreading this kind of information around?
    Should we be taking more care that the information is used responsibly?
    Should we just ignore it, as the info is already out there?

    SONY Rootkit
    Sysinternals has discovered a rootkit in the media player that comes with copy-protected CDs from Sony BMG and Universal.

    The 'patch' is just a PR exercise. Does not actually remove the root-kit, just its 'cloaking' and in fact adds files to the DRM.

    Not to mention you (at this time) can not get the patch unless you supply your personal details to Sony. Sony's privacy policy tells you that Sony 'can' add you to various marketing lists.

    http://www.freedom-to-tinker.com/?p=921

    According to Sysinternals' Mark Russinovich's blog, XCP:

    - scans the executables corresponding to the running processes on the system every two seconds
    - degrades system performance 24/7 (not just when the media player is in use)
    - uses misleading names such as "Plug and Play Device Manager" to deceive users into thinking it's a legitimate part of Windows
    - tampers with the low-level operation of the system, causing stability and compatibility problems
    - installs hooks and filters, making it difficult to uninstall without breaking Windows

    It has also been discovered that the DRM calls home as well.
    http://www.sysinternals.com/blog/

    Here is the programmer asking for help on a forum.
    http://www.osronline.com/showThread.cfm?link=42117

    Computer Associates declare it a trojan
    http://www3.ca.com/securityadvisor/p...x?id=453096362
    "Man alone suffers so excruciatingly in the world that he was compelled to invent laughter."
    Friedrich Nietzsche

    "I spent a lot of my money on booze, birds and fast cars......the rest I squandered."
    George Best

    "If you are going through hell....keep going."
    Winston Churchill

  2. #2
    & the hat of GPL slaying Thantos's Avatar
    Join Date
    Sep 2001
    Posts
    5,681
    I heard about this earlier in the week. Pretty amazing that they'd have the gall to do something like this. I'm pretty sure it violates a few laws here in the US. I'm almost willing to get a CD and have it install it so I can be part of the lawsuit class.

  3. #3
    Registered /usr
    Join Date
    Aug 2001
    Location
    Newport, South Wales, UK
    Posts
    1,273
    I find it quite frightening that the record companies will trust anyone if they say "We can protect your content from these infidels! For a modest fee! And maybe some legal protection!"

    Although the use of the word "rootkit" in a Windows context is a bit OTT. You don't have to do anything to have root access on most people's XP boxes.

  4. #4
    Registered User Frobozz's Avatar
    Join Date
    Dec 2002
    Posts
    546
    Personally I don't see how they could have thought that nobody would find this rootkit. Also I would think this would discourage people from buying CDs. Who'd buy a CD only to have it do something bad? That's like paying a hacker for a virus!

  5. #5
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    Well, Sony is facing quite a few lawsuits right now.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  6. #6
    Unregistered User
    Join Date
    Sep 2005
    Location
    Antarctica
    Posts
    341
    There are plenty of legitimate uses of Windows hooks and capturing keyboard strokes and such. Most of the people who ask probably aren't looking for legitimate reasons, but they can find the info elsewhere anyway.

  7. #7
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    > The part of this issue that interested me was that First4Internet programmer, Ceri Coburn, asked, and was told, on an online forum how to do this.

    He asked nothing of the sort. He was asking how to install a filter driver without forcing a reboot afterwards. I fail to see how this is construed as him asking how to build a rootkit, and someone giving him directions. Besides, why would he need to ask someone on a forum how to build a rootkit when amazon.com sells several books detailing how to code your own?

    Second of all, rootkits are not illegal. Sony is under a lot of heat for installing a rootkit without telling the user that it was doing so, and also for introducing security holes in people's computers. I guarantee you that rootkits will be used again in the future for DRM enforcement, the only difference will be that companies will cover their ..........es better in the EULA. Hopefully a law of some kind will be implemented that forces companies to inform the user when a rootkit is being installed, but I'm not holding my breath.

    Oh, and I will continue to be amused at the people on this board that believe API functions like SetWindowsHookEx and CreateRemoteThread should be hidden from the masses

  8. #8
    train spotter
    Join Date
    Aug 2001
    Location
    near a computer
    Posts
    3,868
    If Sony is allowed to do this, can anyone do it?

    Can I put a 100 page EULA (who reads them?) on my app so you agree to allow my app to install spyware and be covered?

    Sure the programmer did not ask 'how do I make a rootkit'. If he had divulged/explained why he needed a driver without a reboot, would he have been told?

    Posters here are the same, not asking how to make a keylogger, they ask 'how does my window, without focus, capture keypresses'.

    I'm not saying hide the info from the masses but rather make them either justify their need or do their own research.
    Last edited by novacain; 11-11-2005 at 10:14 PM.

  9. #9
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    > Can I put a EULA (who reads them?) on my app so you agree to allow my app to install spyware?

    Well, different states/countries have different laws and definitions as to what spyware is. In the US, part of the definition of spyware is installing software without the user's knowledge. So you can install anything you want as long as you tell the user you are doing so (and as long as the program doesn't do anything malicious of course).

    > Such as?

    I've coded several commercial applications which make use of Windows hooks. The fact that Windows only sends keypress notifications to your application window when it has the focus is one of the main reasons for needing hooks (in my experience at least). As a specific (non-commercial) example, I used to play a game which used the numpad for certain hotkey buttons. Since this was inconvenient for me (and there was no in-game way to remap these keys), I installed a hook to remap these keypresses to something more convenient. Let's face it, if there were only malicious applications for using hooks, the API functions wouldn't exist. Also keep in mind that a programmer can do more damage with the system() function than they can with any hook.

  10. #10
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Bah, you completely edited your post between me reading it, and posting my response. Now my last post doesn't make much sense

    > Sure the programmer did not ask 'how do I make a rootkit'. If he had divulged/explained why he needed a driver without a reboot, would he have been told?

    If he had said he was writing DRM software, then yes. My point was that writing a filter driver is not necessarily part of a rootkit (although I guess it can be). A rootkit is when you write over the kernel API function table thus causing other applications to call your own kernel level functions. Doing this, you can essentially place your application between the user mode of the OS, and the hardware on the system.
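
Added example, not part of the original post or of any tool the thread mentions: the table overwrite described in post #10 is what a defender's integrity check looks for, by confirming that every entry in a kernel dispatch table still points inside the kernel image it belongs to. This is a simplified user-mode model; `image_range`, `find_redirected_entries` and all addresses are hypothetical, constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: the address range one loaded kernel image occupies. */
struct image_range { uintptr_t base; size_t size; };

/* Scan a dispatch table and report entries that point outside the image.
 * Returns the total number of such entries; the first out_cap indexes are
 * written to out. An entry outside the image means a call through that
 * slot lands in some other module's code. */
size_t find_redirected_entries(const uintptr_t *table, size_t n,
                               struct image_range img,
                               size_t *out, size_t out_cap)
{
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        /* Unsigned subtraction wraps for addresses below base, so a
         * single comparison covers both the lower and upper bound. */
        if (table[i] - img.base >= img.size) {
            if (found < out_cap)
                out[found] = i;
            found++;
        }
    }
    return found;
}

/* Constructed sample: image at [0x80400000, 0x80600000), five entries. */
static const struct image_range SAMPLE_KERNEL = { 0x80400000u, 0x00200000u };
static const uintptr_t SAMPLE_TABLE[] = {
    0x80412340u,  /* inside the image */
    0x80456780u,  /* inside the image */
    0xF8A01000u,  /* far outside: redirected to another module */
    0x805FFFF0u,  /* last valid bytes of the image */
    0x80600000u   /* one past the end: outside */
};
#define SAMPLE_COUNT (sizeof SAMPLE_TABLE / sizeof SAMPLE_TABLE[0])

int main(void)
{
    size_t idx[SAMPLE_COUNT];
    size_t n = find_redirected_entries(SAMPLE_TABLE, SAMPLE_COUNT,
                                       SAMPLE_KERNEL, idx, SAMPLE_COUNT);
    for (size_t i = 0; i < n; i++)
        printf("entry %zu -> %#lx is outside the kernel image\n",
               idx[i], (unsigned long)SAMPLE_TABLE[idx[i]]);
    return n ? 1 : 0;
}
```

A range check of this kind only catches redirected table entries; code patched in place inside the image passes it, and a flagged entry still has to be attributed to its owning driver before it can be judged.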

  11. #11
    train spotter
    Join Date
    Aug 2001
    Location
    near a computer
    Posts
    3,868
    Nowadays modifying a game's function could be considered illegal under the DMCA.

    http://news.com.com/Blizzard+wins+la...3-5845905.html

    >>Second of all, rootkits are not illegal.

    They are in Australia.

    http://www.dcita.gov.au/ie/spyware/outcome_of_review

    Its review defined spyware as any software application that is generally installed without the knowledge or consent of the user, to obtain, use or interfere with personal information or resources, content or settings for malicious or undesirable purposes.

    Under
    Australian Securities and Investments Commission Act 2001 (Cth) and the Corporations Act 2001 (Cth)
    Privacy Act 1988
    Telecommunications Act 1997 (Cth)
    Telecommunications (Interception) Act 1979 (Cth)
    Trade Practices Act 1974 (Cth)

    "The advice received indicates that most serious and culpable uses of spyware do constitute criminal offences under existing legislation. These behaviours include:

    unauthorised access;
    ...
    ...
    content modification;
    theft of computer software, resources and bandwidth;
    ...
    ...
    impairment of security;
    damage to computer settings"

  12. #12
    train spotter
    Join Date
    Aug 2001
    Location
    near a computer
    Posts
    3,868
    >>Bah, you completely edited your post between me reading it, and posting my response. Now my last post doesn't make much sense

    Sorry. Only saw your post when I posted the original....

  13. #13
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Nowhere in that link does it say anything that would indicate that a rootkit is illegal. According to that link, it's only illegal if it's installed without the user's consent (and even then, it appears that the rootkit must perform some malicious action before it is considered illegal).

  14. #14
    Bob Dole for '08 B0bDole's Avatar
    Join Date
    Sep 2004
    Posts
    618
    >the rootkit must perform some malicious action before it is considered illegal

    "Sony BMG said it has temporarily stopped manufacturing music CDs containing a controversial copy-protection program after several Internet viruses took advantage of the software to attack computers."



    edit: post 600 wahoo
    Hmm

  15. #15
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    I never said Sony's rootkit was legal or illegal. My comment was referring to rootkits in general. I wouldn't be surprised if all the suits against Sony lose though. Having a team of high-paid lawyers for situations like this can do wonders...
