Hackers use Sony BMG to hide on PCs

[Lyte]

Don't hackers have anything else better to do?? :td:

http://news.yahoo.com/s/nm/20051110/tc_nm/sony_hack_dc

AMSTERDAM (Reuters) - A computer security firm said on Thursday it had discovered the first virus that uses music publisher Sony BMG's (6758.T) controversial CD copy-protection software to hide on PCs and wreak havoc.

Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.

When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.

"This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse," said Sophos's Graham Cluley.

Later on Thursday, security software firm Symantec Corp. (Nasdaq:SYMC - news) also discovered the first trojans to abuse the security flaw in Sony BMG's copy-protection software. A trojan is a program that appears desirable but actually contains something harmful.

Sony BMG's spokesman John McKay in New York was not immediately available to comment.

The music publishing venture of Japanese electronics conglomerate Sony Corp. (6758.T) and Germany's Bertelsmann AG (BERT.UL) is distributing the copy-protection software on a range of recent music compact disks (CDs) from artists such as Celine Dion and Sarah McLachlan.

When the CD is played on a Windows personal computer, the software first installs itself and then limits the usage rights of a consumer. It only allows playback with Sony software.

The software sparked a class action lawsuit against Sony in California last week, claiming that Sony has not informed consumers that it installs software directly into the "roots" of their computer systems with rootkit software, which cloaks all associated files and is dangerous to remove.

Sophos said it would have a tool to disable the copy protection software available later on Thursday.

Sony BMG made a patch available on its Web site on Tuesday that rids a PC from the "cloaking" element that is part of the copy-protection software, while claiming that "the component is not malicious and does not compromise security."

The patch does not disable the copy protection itself.

The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players.

 

[yoink78]

I can't understand that. It doesn't make any sense, if you had computer skills, why wouldn't you develop some kind of software, and make good money and succeed instead of making people miserable, and putting yourself at risk of becoming a convicted criminal, harming the economy that you have to live in, and ruining your own life? It doesn't make logical sense.

 

[gonchiweb]

its unbeliable,

I can't understand that. It doesn't make any sense, if you had computer skills, why wouldn't you develop some kind of software, and make good money and succeed instead of making people miserable, and putting yourself at risk of becoming a convicted criminal, harming the economy that you have to live in, and ruining your own life? It doesn't make logical sense.

its simple, they dont want making money, they feel confortable doing damage on other people pcs and spying them, thats what they really wanna do.

that uses music publisher Sony BMG's (6758.T) controversial CD copy-protection software to hide on PCs and wreak havoc.

there is always a way to detect it,

bye

 

[yoink78]

The following is just my opinion about hackers, so if you're a virus maker of hacker or something, you might not want to read this, and I don't want you to if you'll get angry or offended. Remember it's just my opinion, and you don't have to listen to a word of it, and please keep in mind that it's your choice if you continue to read on:

It doesn't make any sense to me. I think that they have some sort of psychological problem or they're maybe mentally challenged in some way. I mean honestly, they're thought of as the lowest members of society. They carry both the titles of "nerds" and "losers". Virus makers have been caught and arrested so many times now that they're often thought of as the idiots of computers. And those that don't happen to get caught, they're thought of as some loser nerd hermit sitting in a computer desk wasting their life annoying people. Also, those who use spyware are the same as sexual offenders, and are often nothing but perverts spying on information. Nothing gets accomplished by doing this, they're often left alone because society can't stand them, and come on, who in the world wouldn't want to make money creating software over making yourself unliked, carrying half of the bad stereotypes known to man and possibly spending a lifetime isolated in a prison cell? There is definitely something wrong in the heads of these people. Somehow, they are mentally challenged or disturbed. Remember, as said above, this is just my opinion.

 

[gonchiweb]

The following is just my opinion about hackers, so if you're a virus maker of hacker or something, you might not want to read this, and I don't want you to if you'll get angry or offended. Remember it's just my opinion, and you don't have to listen to a word of it, and please keep in mind that it's your choice if you continue to read on:

It doesn't make any sense to me. I think that they have some sort of psychological problem or they're maybe mentally challenged in some way. I mean honestly, they're thought of as the lowest members of society. They carry both the titles of "nerds" and "losers". Virus makers have been caught and arrested so many times now that they're often thought of as the idiots of computers. And those that don't happen to get caught, they're thought of as some loser nerd hermit sitting in a computer desk wasting their life annoying people. Also, those who use spyware are the same as sexual offenders, and are often nothing but perverts spying on information. Nothing gets accomplished by doing this, they're often left alone because society can't stand them, and come on, who in the world wouldn't want to make money creating software over making yourself unliked, carrying half of the bad stereotypes known to man and possibly spending a lifetime isolated in a prison cell? There is definitely something wrong in the heads of these people. Somehow, they are mentally challenged or disturbed. Remember, as said above, this is just my opinion.[/QUOTE
im almost totally agree with you, but i still thinking they dont want to make money, why? because as you said they are psychologically disturbed and they are fed by causing damage to others, and feeling superior, because they have control of other computer
byeeeeeeeee

 

[armstrong]

You wouldn't have superheroes without supervillains. Agreed, criminals are contemptible and deserve punishment, but they do make life interesting. Also, while most of them are indeed stupid, quite a number are actually brilliant. What makes them different from most folks is their opposite view of morality (right vs. wrong).

Back to the thread topic, I think Sony should be held criminally and financially liable for this fiasco.

 

[Lyte]

Back to the thread topic, I think Sony should be held criminally and financially liable for this fiasco.

That would be like holding Ford liable for someone getting behind the wheel of one otheir vehicles (e.g. drunk) and injuring somone. :td:

Lyte

 

[gonchiweb]

look this new if found while surfing the web:
a security investigator informed into vulnerabilities in security systems, and left to his e-mail and nick of the IRC to "the vulnerable" companies. Quickbasic (this man) admitted to have entered the servant of Property, as well as a newspaper of Madrid (ABC), where he introduced a false new that it was in cover 10 seconds. Nowhere it caused damages to the system; in all it leave a note explaining how replace the covers and what failure had taken advantage of to enter. It was denounced by the Popular Party, the Treasury of the Social Security and the University of Santiago. The PP requested four years of prison and that paid the expenses of the audit that carried out in its computers, as well as the purchase to him of programs to assure their systems he said "I left my name, nickname Them and direction of electronic mail in case they wanted to contact with me and, for my surprise, that contacted to me was the police. I didnt wait that. Perhaps a fine, but not that requested prison, nor that sent a commando from Madrid to arrest me. [... ] "finally he has been acquitted of all the positions

 

[sjp]

For those of you who are unaware of the whole Sony fiasco, read Mark Russinovich's blog at http://www.sysinternals.com/Blog/ . Lawsuits against Sony have been filed in several countries and I bet they're going to be fined for their little software protection scheme. They've compromised the system security and system stability of unknowing end-users. That there's a bunch of viruses exploiting this now is completely irrelevant.

About the virus writers. I suspect that most of the virus writers are still in high school or even younger. Didn't we all do stupid shit when we were kids? Like that one time in elementary school when I and a friend broke some windows of an abandoned factory only to find out that the factory wasn't abandoned at all a few hours later when the company phoned my parents. What I want to say is that I can forgive the younger virus writers, they're more likely just misguided and clueless and not the destruction-crazy sociopaths some of you describe them as.

That doesn't mean they should not be punished, of course. I fully support convicting them to a load of community work if they're young and anything up to jail for severe viruses if they're adults (who might really be destruction-crazy sociopaths then).

 

[Lyte]

Didn't we all do stupid shit when we were kids?

There's a huge gap between "stupid shit" and malicious criminal behavior.

 

[armstrong]

That would be like holding Ford liable for someone getting behind the wheel of one otheir vehicles (e.g. drunk) and injuring somone. :td:

Lyte

*If* Sony's CD, when played in a Ford, would cause the doors to open under certain conditions, and thieves exploit this bug to steal your vehicle, wouldn't that make Sony liable? Well, their software opens computers to hackers. Same thing.

 

[Lyte]

*If* Sony's CD, when played in a Ford, would cause the doors to open under certain conditions, and thieves exploit this bug to steal your vehicle, wouldn't that make Sony liable? Well, their software opens computers to hackers. Same thing.

Well, it's not quite the same thing cuz Sony's BMG is not a "bug." Let's say Ford had a tracking device to assist in the car's recovery. If someone then hacked that device and used it maliciously, that's not Ford's fault.

Now, Sony/Ford should do their best to close this avenue for hackers as soon as possible! If they became aware of the opportunity to exploit something they created, then they might have some responsibility to safe guard it.

Lyte