
By Ingrid Marson
Posted on ZDNet News: Jan 18, 2006 12:25:00 AM

A security researcher has claimed that computers in every U.S. state have been affected by copy-restriction software from Sony BMG.

Dan Kaminsky released the information at the Shmoocon 2006 hacker conference in Washington last week. Florida seems to have the highest number, with 12,588 networks detected that are hosting computers with the digital rights management software installed, according to his research. California and Massachusetts also exhibit high rates of infection, although the numbers are only an estimate, as each network could host any number of computers with the Sony software installed.

The DRM software is automatically installed by some Sony BMG music CDs and is hidden using a rootkit, which can be exploited by a particular type of Trojan horse and hence constitutes a significant security risk.

Kaminsky worked out the locations of machines with the rootkit installed by collating information on communication between the rootkit and Sony--the software contacts Sony each time the CD is played.

"Sony has a rootkit. The rootkit phones home. Phoning home requires a DNS query. DNS queries are cached. Caches are externally testable provided you have a list of all the name servers out there," Kaminsky said in a November blog posting.

In December, Kaminsky reported that around 560,000 name servers had "witnessed DNS queries related to the rootkit," which he claimed was "much, much more" than he expected.
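The cache test Kaminsky describes, reduced to the DNS message level for auditing a resolver you operate. This is an added example, not code from Kaminsky or from the article. The hostname `phone-home.example` is a placeholder (the article does not name the real host), and the replies are constructed test data, not captures.

```python
import struct

PHONE_HOME = "phone-home.example"  # placeholder: the article does not name the real host

def build_probe(qname, txid=0x1234):
    """A-record query with RD (recursion desired) cleared: the resolver may
    answer only from its cache and will not fetch the name on our behalf."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:                # root label ends the name
            return off + 1
        off += 1 + n

def classify(probe, response):
    """Return (verdict, remaining_ttl) for a reply to a non-recursive probe."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", probe[:2])[0] or not flags & 0x8000:
        return ("invalid", None)          # wrong transaction ID or not a response
    rcode = flags & 0x000F
    if rcode == 5:
        return ("refused", None)          # resolver does not answer this client
    if rcode != 0 or an == 0:
        return ("not-cached", None)
    off = 12
    for _ in range(qd):                   # skip the echoed question section
        off = skip_name(response, off) + 4
    off = skip_name(response, off)        # owner name of the first answer
    _, _, ttl, _ = struct.unpack("!HHIH", response[off:off + 10])
    return ("cached", ttl)

def sample_reply(probe, rcode=0, ttl=None):
    """Constructed resolver reply (test data, not a capture)."""
    an = 1 if ttl is not None else 0
    hdr = probe[:2] + struct.pack("!HHHHH", 0x8080 | rcode, 1, an, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 10]) if an else b""
    return hdr + probe[12:] + rr
```

A "cached" verdict means some client behind that resolver looked the name up recently, and the remaining TTL, compared with the record's full TTL, indicates roughly how long ago. A resolver that answers only its own clients returns "refused" to outside probes.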

The numbers presented at Shmoocon last week are more accurate, Kaminsky wrote in an e-mail to News.com. "Now we're only getting discs that are clearly linked to XCP," he said. "This is further validation for my original assertion of the 100,000-to-1 million scale of the problem."

The XCP copy protection software, created by U.K.-based First 4 Internet, is included on a limited number of Sony BMG titles, including recent releases from My Morning Jacket and Southern rockers Van Zant. When the discs are played on a computer, the listener is asked to click through a consent form and install the copy-protection software.

While the software may be on many PCs, the risk to those computers has been mitigated somewhat, Kaminsky said. "Antivirus may suppress the actual rootkit, and Sony is definitely warning people about the risk--but the question I was asking was is this a large-scale problem, and best available data says yes," he said.

The problems with Sony's DRM are not limited to U.S. customers, according to Kaminsky's research. He found that infected PCs are located in many places across the world, including many European countries.

Ingrid Marson of ZDNet UK reported from London. Joris Evers contributed to this report.
