November 10, 2005 12:40 PM PST

'Bots' for Sony CD software spotted online

A first wave of malicious software written to piggyback on Sony BMG Music Entertainment CD copy protection tools has been spotted online, computer security companies said Thursday.

Sony's software, installed when playing one of the record label's recent copy-protected CDs in a computer, hides itself on hard drives using a powerful programming tool called a "rootkit." But the tool leaves the door open behind it, allowing other software--including viruses--to be deeply hidden behind the rootkit cloak.

The first version of a Trojan horse spotted early Thursday, which aims to give an attacker complete remote control over an infected computer, didn't work well. But over the course of the day, several others emerged that apparently fixed early flaws.

"This is no longer a theoretical vulnerability; it is a real vulnerability," said Sam Curry, vice president of Computer Associates' eTrust Security Management division. "This is no longer about digital rights management or content protection, this is about people having their PCs taken over."

Sony's use of the rootkit software has sparked a firestorm of criticism online and off over the company's techniques, highlighting concerns that remain over record labels' increasingly ambitious attempts to control the ways consumers can use purchased music.

Last week, plaintiffs' attorney Alan Himmelfarb filed a class action suit against Sony BMG in Los Angeles federal court, asserting that the company had violated state and federal statues on unauthorized computer tampering. The company's actions also constituted fraud, trespass and false advertising, the suit contends.

Other attorneys say they are considering other suits. Several Italian consumer groups also have said they are looking into the prospect of taking legal action against Sony, although the relevant discs were distributed by the record label's U.S. division and not intended for overseas sale.

Sony's use of the rootkit stems from record companies' growing concerns that unrestricted music copying is undermining their sales, and they have been looking for a technological way to limit the number of copies that people can make of each CD they buy.

Reader response
What should Sony do?
Debate how the debacle will
affect the label's policies.

Sony BMG has experimented with several different ways to do this. The current controversy focuses on just one of those tools, created by a British company called First 4 Internet.

The First 4 Internet software is included on a handful of CDs, including recent releases from My Morning Jacket and Southern rockers Van Zant. When the albums are put in a computer's CD drive, they ask a listener to click through a consent form, and then install the rootkit copy-protection software on the hard drive.

A rootkit is a tool that takes a high level of control over a computer, potentially even preventing the original computer user from performing certain tasks. In this case, the First 4 Internet hides itself from view in the computer's guts.

Sony's 'rootkit' CDs
Find out what the risk is, and how it could affect you.

One Trojan horse discovered by security companies Thursday is a variant of a pre-existing software distributed by spam e-mail, among other techniques.

One version of the e-mail claims to be from a business publication and says it is using a photograph of the recipient for a soon-to-be published article, according to security company BitDefender. Clicking on the alleged photograph installs the malicious software, which then connects automatically to the Internet Relay Chat chat network, opening up a channel to control the infected computer.

In a new version of the program, the software hides itself using Sony's rootkit tool and then tries to connect to a server on the chat network. The first version of the Trojan was unable to function after hiding itself, security company F-Secure said. However, several other variants have been found that are able to successfully take over control of a computer after hiding under the Sony software.

All virus companies are rating the danger as fairly low so far, since the Trojans seem to be spreading slowly.

Most antivirus companies are releasing versions of their software that identify or remove the Sony software. A patch on the Sony Web site will uncloak the copy protection tools, but computer users must contact Sony's customer service for instructions on removing it altogether.

Neither Himmelfarb nor a Sony BMG spokesman could immediately be reached for comment. A Sony BMG representative contacted last week noted that the software could be easily uninstalled by contacting the company's customer support service for instructions.

See more CNET content tagged:
First 4 Internet Ltd., record label, Sony BMG Music Entertainment, rootkit, copy protection


Join the conversation!
Add your comment
Boycott Sony
The answer is simple. Don't buy Sony products unless they recall ALL of the defective CD's and promise NOT to do this again. This is illegal and it is certainly unethical. They have NO right to put a rootkit or any other program on my PC with out an uninstall. They should be ashamed of themselves. Just because they are unable to stop piracy, they should not punish law abiding customers by subjecting their PC's to virus/trojan horse attacks.
Shame on SONY....
Posted by Classic Software (15 comments )
Reply Link Flag
Agree, but the lawyers are going to make a kill
Ok, this is another opportunity for lawyers to make out like the bandits they are. Lawsuits will come out of all places. Settlements will be made and no one will see a penny other than the lawyers.

Granted, I completely disagree with Sony's practice and I'm glad it has happened so quickly. Otherwise, we would've ended up with a much worse situation in which these virus making clowns would've had the chance to really perfect their attacks.

Boycotting Sony is not going to achieve anything.
What we need is a congressional hearing in which Sony, and any other company with similar practices, are held accountable.
Posted by Dead Soulman (245 comments )
Link Flag
here's the feedback page for Sony
I just sent them a note letting them know that after 35 years as a Sony customer, I won't be buying any of their products any more. If "everyone" does this (feedback and boycott), maybe they will change their ways.

<a class="jive-link-external" href="" target="_newWindow"></a>

Posted by banjodan (1 comment )
Link Flag
CDs for sure, but what about Blueray?
Given the propensity for Sony to engage in unethical behavior, and given Sony's claims for DRM "features" that will be available on their Blueray disks I think it is incumbant on the user community to say a resounding "NO!" to this incipient threat.

Personally, if "Its a Sony" it is never going to be on my shopping list.
Posted by dlgehrt (9 comments )
Link Flag
Unbelieveable! Boycott ALL OF SONY!
First The FTC, needs to get off it's backside and sanction SONY! Next since it is Eliot Spitzer's backyard, he needs to start immeadiate proceedings to literally tar and feather this gang of thieves and charlatans for this criminal act of folly, of breaches of assorted state and federal laws. Finally, send in suits, to bleed SONY out of existence with 100 million cuts(hey sony's legal team neither has the smarts or numbers to simultaneously fight 100 million small civil claims for damages and liabilities in repairing damaged windows computers(repeated seperate individual virii/trojan/phishers etc using sony supplied software), whilst fighting the FTC, Eliot Spitzer, and the two other class action law suits. SONY would literally bleed to death from all the small claims payments and other legal settlement enforced on them, whilst facing a total consumer boycott of all it's existing and new upcoming products. Oh well here's hoping Toshiba's new baby HDDVD wins hands down after this debacle!
Posted by heystoopid (691 comments )
Reply Link Flag
Agree - Boycott Sony!
This protection is aimed at the wrong set of people!

Sony, you are hurting your PAYING CUSTOMERS.
Posted by kfr01 (12 comments )
Link Flag
Memory Sticks; Clie; Vaio...
What Sony probably was thinking (and still continues to believe) is that it's the Microsoft of the consumer electronics arena. Unfortunately that continues to be its biggest fallacy. SD cards reign now. The PalmOS was corrupted by Sony's "extras" that tried to hide as much as possible the underlying OS (the reason we buy PalmOS devices is for PalmOS!) and the Vaio... don't even get me started on hard-to-find device drivers, as well as removing junkware pre-installed on a Vaio computer...

It's a real shame to see Sony's slide. The Xbox is also kicking Playstation. Who would have thought! I used to love Sony. Now, I buy Canon digital cameras, Sharp televisions, Apple music players, and industry standard memory cards.
Posted by npxzbebq (78 comments )
Reply Link Flag
Posted by BCurrent (4 comments )
Reply Link Flag
It's the Platform, too...
Sony should be held liable. But don't forget, it's the MS Windows
poorly crafted operating system that makes this kind of access
Posted by cjohn17 (268 comments )
Reply Link Flag
Not so
The term "Root Kit" comes from the Linux and Unix world where such software was originally conceived and used. Your average consumer would install a Linux rootkit just as readily as they installed this one.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
Support their competitors
Sony has been trying to shove their proprietary crap down our throat all these years. This is just another example of their arrogance. To combat this we should support their competitors mainly Samsung. Screw Sony!!! Go Samsung!!!
Posted by letmein (3 comments )
Reply Link Flag
when will they learn?
Sony has dvds that are protected using a copy protection scheme similar to the ones used on game cds. There are errors on the dvd which don't allow the dvd to be ripped using tools which exist currently.

There is, however, a tool which not only removes the encryption, macrovision, region code, but just about every annoying thing they put on a dvd, including the new copy protection.

If such a tool already exists for their dvds, it's only a matter of time when a tool is made to bypass or completely remove the rootkit sony installs.

As of now, you can still rip their music cds anyway, just use a linux box or a mac.
Posted by thedreaming (573 comments )
Reply Link Flag
yes indeed
There is in fact a tool that will remove the rootkit: It's called spyware/virus scan. It's nice to see that some of the major software vendors are treating this like the scumware it really is and detecting and removing it like any other unwanted pest.
I wonder if Sony will be stupid enought to sue them.

I already sent a letter to Sony earlier this week telling them I was completely done with any Sony product, hardware or software.
Sad, because at one time I was working on making every electronic gadget in my house a Sony and I also manage a network for my company.
But who has time for this kind of treatment? As a paying customer I expect to avoid viruses in my PC. If I wanted the hassle I could just go get a buggy file from a P2P, which ironically is now probably safer!
Posted by skeptik (590 comments )
Link Flag
Next they will claim...
Next they will claim...that the music sales are down because of this backlash instead of the crappy music that they have given the world. It doesn't matter anyway, in 5 years (or so) everyone will buy/steal the music they want online and the stores will go away. At least you vcan buy one song instead of 90% rubbish and 1 half-decent song, no wonder myspace is rising while the record labels are sinking

<a class="jive-link-external" href="" target="_newWindow"></a>
Posted by SqlserverCode (165 comments )
Reply Link Flag
Now Sony use that DMCA $ to fight its legal battles
Because they are going to get sued for this bots the minute this technology costs an ISP or network money.

Wait and see.
Posted by aabcdefghij987654321 (1721 comments )
Reply Link Flag
Sony Toast
I run a network for a smb with a $40 million annual IT budget. As of this moment, no Sony product will ever enter our business again. You cannot make a "mistake" of this kind unless you have compleatly lost all sense of right and wrong.
Posted by johngregor (1 comment )
Reply Link Flag
Not a Sony Product / Creation.
The important thing most people forget here is that this software was not created by Sony. They licensed software from another company that was advertised as "Digital Rights Management". They likely did not understand exactly how it did it's job.

This rootkit software was also reported as provided to major anti-virus firms well before release and they found nothing wrong with it.

This brings to light a much more important issue. Software companies need to disclose what their software does and how it does it. Such efforts exist in standardization and published methods. If they don't publish how they get the job done, don't trust the software.
Posted by zaznet (1138 comments )
Reply Link Flag
yeah right
What about this comment by the president of Sony BMG's global digital business, Thomas Hesse: "Most people don't know what a rootkit is, so why should they care about it."

<a class="jive-link-external" href=",1895,1883828,00.asp" target="_newWindow">,1895,1883828,00.asp</a>
********. This and the desire for proprietary formats really opened my eyes. I will go out of my way to not buy anything from Sony. They make Microsoft look like choirboys and I will prolly buy a Xbox360 over ps3 now.
Posted by calvinshobbes (1 comment )
Link Flag
Does everyone want to throw the baby out with the bath water?

We need to hurt them real bad but IMHO not shut them down.

I know everyone is angry now but...

Maybe BMG needs to be taken down and the rest of Sony hit hard but not shut down.
Posted by royc (78 comments )
Reply Link Flag
Stupid and Misleading
The trojan installs itself using Sony's rootkit? Ok, so, all I need to do is get a copy of a rootkit being used by some company, write a trojan to take advantage, and I can destroy the company since "their" rootkit made my trojan possible. ********. So, I suppose that if the creator of the trojan used another rootkit, it wouldn't be a problem.
Posted by zboot (168 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.