Yet Another Sony Rootkit Update
November 13, 2005 by Tom
Quite a bit has been happening! First of all, virus/trojan writers have started leveraging the rootkit to hide their malware:
First Trojan using Sony DRM spotted
Sony is also being sued:
Sony hit by lawsuits over root kit
AV vendors such as Sophos have also started releasing tools to remove the rootkit-like portions of the XCP software. Laura pointed out that Symantec has also released a removal tool:
Sophos develops Sony DRM unmasking tool
Symantec: SecurityRisk.First4DRM
Microsoft, interestingly, has decided that the rootkit is a threat, and is planning not only to release a signature for Windows Antispyware to remove the rootkit, but also to make the removal part of the Windows Malicious Software Removal Tool, which is updated monthly and released through Windows Update (and therefore auto-updates):
Sony DRM Rootkit to be removed automatically by Microsoft
Anti-Malware Engineering Team: Sony DRM Rootkit
Sony has also [temporarily] stopped producing CDs with the rootkit DRM, though they are not recalling existing CDs (list compiled by EFF):
Finally, there is a good summary and analysis of the whole thing here:
Sony BMG faces digital-rights siege
Whew…quite a few articles! I meant to post some earlier, but things have been busy. But I think it’s an important move that Microsoft will be including it in the Malicious Software Removal Tool, because (assuming that most people have Auto Update enabled now) it will run automatically on most people’s computers and remove it.
Lastly, remember that the software was installed by Autorun. It used to be [fairly] easy to disable Autorun in earlier versions of Windows, but it’s a bit more difficult now (to disable it permanently; obviously holding down the Shift key is fairly easy!). This article has information on how to disable it using the registry…an action I strongly suggest.
-Tom
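The registry change recommended above, as an added example that is not part of the original post or the article it links to. It assumes the `NoDriveTypeAutoRun` policy value under the `Policies\Explorer` key (the post does not name the value), reports which drive types still honour Autorun, then sets the value to `0xFF` to turn Autorun off for all of them.

```powershell
# Added example: audit and set the Autorun policy value.
# NoDriveTypeAutoRun is a DWORD bitmask; a set bit disables Autorun for that drive type.
$ValueName  = 'NoDriveTypeAutoRun'
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',  # machine-wide
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'   # current user
)
$DriveTypes = @(
    @{ Bit = 0x04; Name = 'Removable' },
    @{ Bit = 0x08; Name = 'Fixed' },
    @{ Bit = 0x10; Name = 'Network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x81; Name = 'Unknown type' }   # either 0x01 or 0x80 disables this one
)

function Get-AutorunPolicy {
    foreach ($key in $PolicyKeys) {
        $current = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        if ($null -eq $current) {
            [pscustomobject]@{ Key = $key; Value = 'not set'; StillEnabled = 'Windows default applies' }
            continue
        }
        # A drive type with none of its bits set still processes autorun.inf.
        $enabled = $DriveTypes |
            Where-Object { ($current -band $_.Bit) -eq 0 } |
            ForEach-Object { $_.Name }
        [pscustomobject]@{
            Key          = $key
            Value        = '0x{0:X2}' -f $current
            StillEnabled = if ($enabled) { $enabled -join ', ' } else { 'none' }
        }
    }
}

function Disable-Autorun {
    # 0xFF sets every bit: Autorun off for all drive types. Writing HKLM needs an elevated shell.
    foreach ($key in $PolicyKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $ValueName -Value 0xFF -Type DWord
    }
}

Get-AutorunPolicy | Format-Table -AutoSize   # state before the change
Disable-Autorun
Get-AutorunPolicy | Format-Table -AutoSize   # StillEnabled should now read 'none'
```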
August 15th, 2007 at 7:59 pm
Computer Network Security…
I couldn’t understand some parts of this article, but it sounds interesting…