Sony, Rootkit, and you.

[Mr Initial Man]

I rarely post anything I see in emails here, but this one I'll believe. One, there are news stories. Two, I know there IS a company called Iko Industries. My mom works for them, and she forwarded this to me.

I thought I'd put this warning on the forums.
-------------------------------------------
From: Stuart Knetsch
Sent: Friday, November 18, 2005 9:59 AM
To: All Users
Subject: Security Alert

This is a warning to all employees to NOT play any Sony/BMG Music CD's on their work computer and even their home computers. The CD's are safe to play in normal home audio/car audio CD players, this warning affects only using Computers to play these CDs.

Sony corporation in it's fight against music piracy and music file sharing released several CDs that contain a "rootkit" program. This program has to be installed on a computer in order to play a Sony music CD, the default CD music players on a computer will not work.

This program has been released in two versions:

Version 1)
When you insert a Sony music CD with the version 1 of the rootkit, you are prompted to install a software music player. This music player allows you to play the CD, but it also does the following:

* It modifies your system files
* It will log how often you play the CD, what songs you play, and then uploads that information to Sony so that they can track your personal music listening habits
* It opens a massive gaping security hole on your computer that allows any hacker to install any software package on your computer that they desire
* It causes almost continuous disk access on your PC, potentially causing your Hard Drive to burn out and die.

This program is NOT removable. If you delete the files manually, your CDROM drive will cease to function

Sony provided an uninstaller after customer's complained. The uninstaller does not completely remove the program and in fact adds another Spyware program of its own.

Version 2)
When you insert a Sony music CD with the version 2 of the rootkit, the software automatically installs itself without you knowing. This music player allows you to play the CD, but it also does the following:

• It modifies your system files
• It will log how often you play the CD, what songs you play, and then uploads that information to Sony so that they can track your personal music listening habits
• It causes almost continuous disk access on your PC, potentially causing your Hard Drive to burn out and die.

This is currently an ongoing issue with Sony, they keep releasing updates but the core functionality of the program remains the same, you can only use the Sony CD player to play a Sony CD and it will upload your personal information and music listening habits to Sony.

THIS IS NOT A JOKE.

This is a link to a website at Computer Associates, our Antivirus Software provider about this issue:
http://www3.ca.com/securityadvisor/p...aspx?cid=76345

A story at USAToday about this
http://www.usatoday.com/tech/columni...-rootkit_x.htm

Another link at Yahoo news
http://news.yahoo.com/s/zd/20051101/tc_zd/164166

From our internal logs, we can track if a company computer is uploading the personal information to Sony. To date, we have not logged any events of that nature. It is safe to assume our company assets are safe. However, as a continuing policy, all Sony/BMG CDs are banned from being played on company computers.

------------------------------------------------------------

From: Stuart Knetsch
Sent: Friday, November 18, 2005 10:28 AM
To: All Users
Subject: Followup - Security Alert

Here is a list of known affected CDs

Album list
12 Songs by Neil Diamond
At This Time by Burt Bacharach
The Best of Shel Silverstein by Shel Silverstein
Bob Brookmeyer & Friends by Bob Brookmeyer
The Body Acoustic by Cyndi Lauper
Broken Valley by Life of Agony
Cautivo by Chayanne
Complicated by Nivea
The Dead 60s by The Dead 60s
Dreamin' My Dreams by Patty Loveless
Drum Suite by Art Blakey
The Essential Dion by Dion
The Essential Pete Seeger by Pete Seeger
Faso Latido by A Static Lullaby
Foggy Mountain Jamboree by Flatt & Scruggs
Friendship by Ray Charles
Get Right With the Man by Van Zant
Goldon by Elkland
The Great American Songbook by Billie Holiday
The Great American Songbook by Frank Sinatra
The Great American Songbook by Louis Armstrong
Healthy in Paranoid Times by Our Lady Peace
I Saw The Light With Some Help From My Friends by Earl Scruggs
Interiors by Rosanne Cash
The Invisible Invasion by The Coral
Jeru by Gerry Mulligan
King's Record Shop by Rosanne Cash
Live In Tokyo by G3
Manhattan Symphonie by Dexter Gordon
Mary Mary by Mary Mary
My Very Special Guests by George Jones
Nothing Is Sound by Switchfoot
On ne Change Pas by Celine Dion
Phantoms by Acceptance
Ride by Shelly Fairchild
Robbery by Teena Marie
The Season by Jane Monheit
Seven Year Ache by Rosanne Cash
Shine by Trey Anastasio
Silver's Blue by Horace Silver Quintet
Sings the Peggy Lee Songbook by Bette Midler
Something To Be Proud Of: The Best of 1999-2005 by Montgomery Gentry
Susie Suh by Susie Suh
Suspicious Activity? by The Bad Plus
This Is Niecy by Deniece Williams
Times Like These by Buddy Jewel
To Love Again by Chris Botti
Touch by Amerie
Unfabulous and More: Emma Roberts by Emma Roberts
Unwritten by Natasha Bedingfield
Vivian by Vivian Green
Walking Among The Living by Jon Randall

Sony is offering to exchange affected CDs for non-affected CDs, see http://www.upsrow.com/sonybmg/ for details.

Sony has pulled the affected CDs off of store shelves. However, their official statement is:

"As a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology,"
"We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use,"

This is open to wide interpretation, but I read it as Sony is reserving the right to reinstitute a modified version of this program in the future. So the ban against Sony/BMG CDs on company computers will stay in effect for the near future.

Thank-you

Stuart Knetsch
Team Leader - Systems Administration
IKO Industries Ltd.
(905) 457-2880 Ext. 4467



This is a warning to all employees to NOT play any Sony/BMG Music CD's on their work computer and even their home computers. The CD's are safe to play in normal home audio/car audio CD players, this warning affects only using Computers to play these CDs.

Sony corporation in it's fight against music piracy and music file sharing released several CDs that contain a "rootkit" program. This program has to be installed on a computer in order to play a Sony music CD, the default CD music players on a computer will not work.

This program has been released in two versions:

Version 1)
When you insert a Sony music CD with the version 1 of the rootkit, you are prompted to install a software music player. This music player allows you to play the CD, but it also does the following:

* It modifies your system files
* It will log how often you play the CD, what songs you play, and then uploads that information to Sony so that they can track your personal music listening habits

* It opens a massive gaping security hole on your computer that allows any hacker to install any software package on your computer that they desire

* It causes almost continuous disk access on your PC, potentially causing your Hard Drive to burn out and die.

This program is NOT removable. If you delete the files manually, your CDROM drive will cease to function

Sony provided an uninstaller after customer's complained. The uninstaller does not completely remove the program and in fact adds another Spyware program of its own.

Version 2)
When you insert a Sony music CD with the version 2 of the rootkit, the software automatically installs itself without you knowing. This music player allows you to play the CD, but it also does the following:

* It modifies your system files
* It will log how often you play the CD, what songs you play, and then uploads that information to Sony so that they can track your personal music listening habits

* It causes almost continuous disk access on your PC, potentially causing your Hard Drive to burn out and die.

This is currently an ongoing issue with Sony, they keep releasing updates but the core functionality of the program remains the same, you can only use the Sony CD player to play a Sony CD and it will upload your personal information and music listening habits to Sony.

THIS IS NOT A JOKE.

This is a link to a website at Computer Associates, our Antivirus Software provider about this issue:
http://www3.ca.com/securityadvisor/p...aspx?cid=76345

A story at USAToday about this
http://www.usatoday.com/tech/columni...-rootkit_x.htm

Another link at Yahoo news
http://news.yahoo.com/s/zd/20051101/tc_zd/164166

From our internal logs, we can track if a company computer is uploading the personal information to Sony. To date, we have not logged any events of that nature. It is safe to assume our company assets are safe. However, as a continuing policy, all Sony/BMG CDs are banned from being played on company computers.

____________________________________
Stuart Knetsch
Team Leader - Systems Administration

IKO Industries Ltd.
40 Hansen Rd. S.
Brampton, ON L6W 3H4

[felgall]

The latest news that I have seen is that Sony have recalled all of the CDs.

[Ultimater]

One word -- WOW!.....

[David Harrison]

See, this is why everyone should just download their music (legally of course!).

[bathurst_guy]

Yes all the CD's have been recalled to my knowledge too. If you want to check if you have been affected, create any file anywhere on your computer and start the file name with $sys$ if it disappears then you have installed the rootkit.

[Stephen Philbin]

Quote:

Originally Posted by David Harrison

See, this is why everyone should just download their music (legally of course!).

Why? So Sony can be certain that the thing we're using to play our music is capable of having things installed on it?

[LiLcRaZyFuZzY]

Quote:

Originally Posted by David Harrison

See, this is why everyone should just download their music (legally of course!).

indeed

[Ness_du_Frat]

Waoooo, I'm glad I never buy music, then.

[Mr Initial Man]

A Poisoned Minds Comic about the Sony Rootkit

Strong language warning!

[LiLcRaZyFuZzY]

The wikipedia article about sony rootkit

another comic about sony rootkit

[NogDog]

Fortunately for me, I guess, I'm too picky about my music: I always use my stereo for music and my PC for computing. (And MP3 compression takes away to much musicality from the original CD, which itself is not as musical as an analog vinyl record or a SACD.)

[LiLcRaZyFuZzY]

thats a musician talking!

[Ultimater]

Quote:

Originally Posted by Mr Initial Man

A Poisoned Minds Comic about the Sony Rootkit

Strong language warning!

LMFAO, haha. Sounds like one of 'em one-way convertsations you have with your parents when they are talking about their day when all you respond is "ahuh.. , yeah.. , "ahuh..". lol. The only difference would be that I would be thinking about making this thread instead of playing golf.

[Ultimater]

Quote:

Originally Posted by LiLcRaZyFuZzY

another comic about sony rootkit

Celine Dion rocks!