Thread: Sony
-
16th November 2005 15:09 #1 Registered User
Join Date: Mar:2004
Location:
Posts: 3,748
Sony
copy-protection- Sony , . :
Sony, Rootkits and Digital Rights Management Gone Too Far
More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home
First Trojan using Sony DRM spotted
Microsoft to remove Sony malware from PCs
Researchers: Sony Patch Opens Huge Security Hole
DRM- malware, ActiveX , .
, AutoPlay- CD- .
-
16th November 2005 18:42 #2
:)
The Sony/BMG DRM rootkit was first discovered by F-Secure and widely publicized by Mark Russinovich of Sysinternals in his blog. The Sony DRM hides itself by modifying the Windows kernel, names itself "Plug and Play Device Manager" to confuse users, consumes CPU resources whether running or not with sloppily written code that does things like querying the file size eight times per scan, scanning every two seconds, and, worst of all, allows any hacker to easily hide files on your system.
Sony's license agreement is vague about what it's installing and implies that it can be easily disabled. It cannot.
Use Sysinternals' Rootkit Revealer or F-Secure's Blacklight to find the rootkit - look for $sys$ - but don't remove it or you'll lose access to your CD-ROM drive.
Sony is now offering removal instructions that point you to the XCP Aurora web site and Service Pack 1 containing "fixes and workarounds."
What is a rootkit?
The term rootkit is very old and is dated back to the days when UNIX ruled the world. Rootkits for the UNIX operating system were typically used to elevate the privileges of a user to the root level (=administrator). This explains the name of this category of tools.
Rootkits for Windows work in a different way and are typically used to hide malicious software from, for example, an antivirus scanner. Rootkits are typically not malicious by themselves but are used for malicious purposes by viruses, worms, backdoors and spyware. A virus combined with a rootkit produces what was known as full stealth viruses in the MS-DOS environment.
How dangerous is a rootkit?
The rootkit itself does typically not cause deliberate damage. Its purpose is to hide software. But rootkits are used to hide malicious code. A virus, worm, backdoor or spyware program could remain active and undetected in a system for a long time if it uses a rootkit.
The malware may remain undetected even if the computer is protected with state-of-the-art antivirus. And the antivirus can't remove something that it can't see. The threat from modern malware combined with rootkits is very similar to full stealth viruses that caused a lot of headache during the MS-DOS era. All this makes rootkits a significant threat.
How common is the problem?
There are currently several spyware programs and viruses that use rootkits to hide. There are also a couple of publicly reported intrusions where rootkits have been used (for example the theft of the Half-Life 2 source code).
Rootkits are already quite common in spyware programs but not as common in viruses. There is clear evidence that rootkits are a technique that works in practice. But the actual threat is still small compared to the potential of this technique.
What malware uses rootkit techniques?
First of all, "real" rootkits such as Hacker Defender and FU, of course. Then some spyware/adware programs such as EliteToolbar, ProAgent, and Probot SE. Some Trojans such as Berbew/Padodor and Feutel/Hupigon, and also some worms e.g. Myfip.h and the Maslan-family.
Shouldn't antivirus detect rootkits before they go into hiding?
Yes, and in some cases it will. However, rootkits are usually distributed in source code and that means a hacker can modify the rootkit until antivirus products no longer detect it. In fact, many rootkit and Trojan authors sell "undetection service" to their "customers". This means that for a certain amount of money they guarantee that the rootkit binary they sell is not at that point detected by any antivirus vendors. There are also some other features in modern antivirus products that may detect rootkits. For example F-Secure Internet Security 2005 has a feature we call "Manipulation Control". It is a behavioral blocking mechanism that prevents malicious processes from manipulating other processes. This will prevent the activation of some rootkits, but not all.
What's the forecast for rootkits?
Rootkits are already quite common in the spyware field and they are becoming more commonly used among virus authors as well. Virus writers of today are becoming more professional and have a business purpose for their activities. They certainly have the skills and motivation to implement the added complexity that rootkits introduce in a virus or worm.
Rootkits can make hidden backdoors or spam-relays in infected computers useful for a much longer time. There is reason to believe that the use of rootkits will increase in the future.
-
16th November 2005 22:59 #3
First4Internet XCP DRM-. , Sony , rootkit , :
Sony Shipping Spyware from SunnComm, Too
-
18th November 2005 02:00 #4
XCP DRM-, . , GPL LGPL . GPL LGPL , LAME, mpglib FAAC.
:
http://hack.fi/%7Emuzzy/sony-drm/
http://www.the-interweb.com/serendip.../20051117.html
-
18th November 2005 12:54 #5 Banned
Join Date: Oct:2001
Location: , -5
Posts: 2,637
-
18th November 2005 23:57 #6 User Not Found
Join Date: Mar:2002
Location:
Posts: 1,191
() ( "" /), ?!?
Originally Posted by exabyte
"" , .



