Sony DRM Rootkit - collected Wilders-threads

FanJ · Nov 13, 2005

I thought that it might be a good idea to give a list of all the threads here at the Wilders-board about the Sony DRM Rootkit.
Name and link of the thread is given.

To the Mods: I wasn't sure where to post this.
To all: please feel free to add threads that I forgot to add.

Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management...
https://www.wilderssecurity.com/showthread.php?t=104457

First Trojan using Sony DRM spotted
https://www.wilderssecurity.com/showthread.php?t=105944

SONY.....Need info on the "Legal" rootkit
https://www.wilderssecurity.com/showthread.php?t=104827

can ProcessGuard protect form sony rootkit? is there secreenshot?
https://www.wilderssecurity.com/showthread.php?t=105890

Will NOD32 protect against First-4 (Sony/BMG) Rootkit
https://www.wilderssecurity.com/showthread.php?t=105097
(thread is closed)

Is NOD32 going to detect and stop this type of thing?
https://www.wilderssecurity.com/showthread.php?t=104672

SONY throws in the towel ... for now.
https://www.wilderssecurity.com/showthread.php?t=106216&

Panda: TruPrevent, Trojans, and Sony's anti-piracy system
https://www.wilderssecurity.com/showthread.php?t=106170

Norman SandBox with early detection of security risk created by DRM protected Sony
https://www.wilderssecurity.com/showthread.php?t=105974

MS Anti Spyware to wipe Sony Rootkit
https://www.wilderssecurity.com/showthread.php?t=106421

Will anti-rookit programs detect Sony rootkit?
https://www.wilderssecurity.com/showthread.php?t=105494

PestPatrol will detect and remove Sony's rootkit-enabled DRM software
https://www.wilderssecurity.com/showthread.php?t=106454

Is there any potential risks in Sony's BMG:s?
https://www.wilderssecurity.com/showthread.php?t=105007

Stephanos G. · Nov 14, 2005

Thanks

FanJ · Nov 14, 2005

BOClean and Sony DRM Rootkit
https://www.wilderssecurity.com/showthread.php?t=106666

ronjor · Nov 14, 2005

How to remove the Sony - XCP DRM Rootkit

Bleeping Computer

controler · Nov 15, 2005

Manual deletion of DRM rootkit service:

1. Click on the Start button.

2. Click on the Run option.

3. In the Open: field type cmd /k sc delete $sys$aries and press the OK button.

4. Reboot your computer

5. Delete C:\%WinDir%\system32\$sys$filesystem\aries.sys (Replace %WinDir% with the directory that Windows is installed on your computer)
Click to expand...

I always thought the service should be stopped before deleting?

net stop $sys$aries

NO?

controler

Bubba · Nov 15, 2005

controler said:

I always thought the service should be stopped before deleting?
Click to expand...

Still learning them but are not most rootkits drivers and is not aries.sys a driver ?

Bubba · Nov 15, 2005

Muzzy's research about Sony's XCP DRM system

http://hack.fi/~muzzy/sony-drm/

ronjor · Nov 15, 2005

Sony's 'Rootkit' Is on 500,000 Systems

Sony BMG will have a big job ahead of it as it tries to replace all copies of controversial copy protection software, according to a computer security expert, who says that he has evidence there are more than 500,000 versions of the program installed worldwide
Click to expand...

.

Story

J at A · Nov 15, 2005

Sony Rootkit and blocking F4I's ActiveX control CodeSupport CLSID
https://www.wilderssecurity.com/showthread.php?t=106868

FanJ · Nov 17, 2005

SONY XCP DRM removal for the Handyperson
https://www.wilderssecurity.com/showthread.php?t=107012

Warning : only for experienced users !!!

EDITED to add:

Thread at DSLR/BBR-security-forum:
http://www.dslreports.com/forum/remark,14817570

Bubba · Nov 16, 2005

Mark's Sysinternals Blog....Wednesday, November 16, 2005

Victory!
I’m proud to announce a significant victory in the ongoing Sony Digital Rights Management (DRM) saga; Sony has capitulated almost entirely. While not publicly admitting blame for distributing a rootkit, providing no uninstall for the DRM software, implementing a music player that sends information to Sony’s site, and supplying a remotely-exploitable ActiveX control for the on-line uninstall they eventually made available – all without any disclosure to users – they have come close.
Click to expand...

blackimp · Nov 17, 2005

http://www.wired.com/news/privacy/0,1848,69601,00.html?tw=wn_tophead_2

FanJ · Nov 17, 2005

Another thread about NOD32 and the rootkit:

Win32/Rootkit.XCP
https://www.wilderssecurity.com/showthread.php?t=107148

controler · Nov 17, 2005

Bubba and VXD's are drivers too LOL

bought a new Neil Diamond CD today with the rootkit on it at Best Buy

FanJ · Nov 18, 2005

Uninstaller for Other Sony DRM Also Opens Security Hole

https://www.wilderssecurity.com/showthread.php?t=107220

controler · Nov 20, 2005

UnHackMe Pro

Labled as Hacker Defender

1. Scan for viruses:

C:\WINDOWS\CDProxeyServ.exe

c:\WINDOWS\system\$sys$filesystem\$sys$DRMServer

C:\WINDOWS\SYSTEM32\DRIVERS\$sys$COR.SYS

2. Checkme Now;

$sys$aires

$sys$cor

$sys$crater

$sys$DRMServer

$sys$lim

$sys$oct

Regrun reanimator shows the same VXD Driver with the $sys$ prefix.

& WIndows Core

Yuppers · Nov 20, 2005

Did they do it to Playstation also?

http://www.sysinternals.com/Forum/forum_posts.asp?TID=2490&PN=1

ronjor · Nov 21, 2005

Texas Sues Sony BMG Over CD Rootkit

ronjor · Nov 22, 2005

EFF Takes Action Against Sony BMG

Wayne - DiamondCS · Nov 22, 2005

Sony Rootkit Screenshots
https://www.wilderssecurity.com/showthread.php?p=613255

Triple Helix · Nov 22, 2005

This is a great story: Updated!!

http://www.oag.state.tx.us/oagNews/release.php?id=1266

Cheers,

TNT · Nov 22, 2005

Sony: did anybody take a look at this?

http://www.doxpara.com/?q=/node/1129

eyes-open · Nov 24, 2005

http://businessweek.com/technology/content/nov2005/tc20051122_343542.htm

"Along with lawyers, prosecutors, and furious fans, artists are joining the backlash against the label for slipping a hidden, anti-theft program into users' computers"

ronjor · Dec 6, 2005

New Sony CD security risk found

Sony BMG Music Entertainment and the Electronic Frontier Foundation digital rights group jointly announced Tuesday that they had found, and fixed, a new computer security risk associated with some of the record label's CDs.
Click to expand...

Story

beetlejuice69 · Dec 7, 2005

New Sony CD security risk found

http://news.zdnet.com/2100-1009_22-5984764.html?tag=nl.e589

Log in or Sign up

Sony DRM Rootkit - collected Wilders-threads

FanJ Guest

Stephanos G. Registered Member

FanJ Guest

ronjor Global Moderator

controler Guest

Bubba Updates Team

Bubba Updates Team

ronjor Global Moderator

J at A Guest

FanJ Guest

Bubba Updates Team

blackimp Registered Member

FanJ Guest

controler Guest

FanJ Guest

controler Guest

Attached Files:

Windows Core.jpg

Yuppers Guest

ronjor Global Moderator

ronjor Global Moderator

Wayne - DiamondCS Security Expert

Triple Helix Specialist

TNT Registered Member

eyes-open Registered Member

ronjor Global Moderator

beetlejuice69 Registered Member

Log in or Sign up

Sony DRM Rootkit - collected Wilders-threads

FanJ Guest

Stephanos G. Registered Member

FanJ Guest

ronjor Global Moderator

controler Guest

Bubba Updates Team

Bubba Updates Team

ronjor Global Moderator

J at A Guest

FanJ Guest

Bubba Updates Team

blackimp Registered Member

FanJ Guest

controler Guest

FanJ Guest

controler Guest

Attached Files:

Windows Core.jpg

Yuppers Guest

ronjor Global Moderator

ronjor Global Moderator

Wayne - DiamondCS Security Expert

Triple Helix Specialist

TNT Registered Member

eyes-open Registered Member

ronjor Global Moderator

beetlejuice69 Registered Member

Useful Searches