Sony XCP Rootkit - Key Info & List Of 52 CDs


#1 harrywaldron


    Security Reporter


Posted 19 November 2005 - 09:00 AM

I thought the 52 "dangerous" album titles link might be beneficial for our members as a separate reference post, which I'll lock so that we don't detract from other discussion threads.

One of my friends in the security field shared an excellent summary of the failed attempt by Sony BMG to better protect their music from Copyright violations. As an ethical individual, I respect the intellectual property rights of those in the music industry. The approach Sony used created harm and potential security issues for innocent loyal customers, who purchased their CDs in good faith.

The rootkit may have appeared to be a good technical solution on the drawing board for better protecting digital rights. However, they didn't exercise risk management and plan well for things that could go wrong, including opening up the customer's PC to emerging security risks based on new malware that takes advantage of the rootkit architecture.

The following provides an update for this issue with several related links:

Sony/BMG has just recalled 52 music CDs, all of which came with software which will install "rootkit" spyware programs on your Windows computer. If you have any of these CDs and have played them on your Windows PCs, your computers may be infected with some truly nasty software. This problem does NOT affect Macs or Linux computers and may not have affected you if you run a secure Windows setup. More than 500,000 computers are known to be infected worldwide.

List of 52 infected Sony CDs being recalled

More on Sony's recall notice to replace these CDs at no charge to the owner

The Sony/BMG website has an uninstall program that is supposed to clean up the infection. HOWEVER, as of today, their uninstall program leaves your computer MORE VULNERABLE than before! Check with your anti-virus vendor to see if your AV can clean up this problem.

Microsoft is upgrading their Malicious Software Removal Tool, which is updated once a month. It will soon be updated to remove the XCP modifications that Sony/BMG put on your computer, but it's not available currently. More information can be found at these sites:

Sony BMG's copy-protection problems grow

Mark's Sysinternals Blog Victory!

Sony's DRM Rootkit: The Real Story

Secunia Advisory

US CERT Advisory

Security issues may surface using Sony's XCP uninstall tools

Security issues may surface using Sony's uninstall for SunnComm MediaMax (another DRM)

Rootkits could mean a complete rebuild for your PC

How do we remove rootkits? -- There is only one guaranteed way to remove a rootkit. You destroy the system and then rebuild it. There is no other way to reliably remove a rootkit — no other way whatsoever. You can't delete the file or even reinstall the operating system over the top of the existing OS — which is a horrible practice anyway. It is super important to nuke the system because a rootkit's primary function is stealth — what is it hiding? Do you know? Usually not. How can you reliably know what it was hiding, what it was compromising or what it was removing?

Key Advice for now: Please do not play CDs using your PC until this issue is fully addressed (or if you do play CDs not on the list, still be vigilant and cautious). It could require rebuilding your PC.

Ideas for Infected Users: If you are currently infected with the XCP software, some standalone tools and removers are available. Do not try to remove this manually unless you have complete directions and you are highly skilled as a computer technician. Your CD-ROM or PC may no longer work properly if you fail to remove the rootkit properly. I believe further “help is on the way” and infected users might be better served to wait a little while longer until better tools are published.



#2 harrywaldron


    Security Reporter


Posted 07 December 2005 - 11:50 PM

Sony SunnComm vulnerability - Avoid these 27 CDs

Sony lists 27 CDs with SunnComm MediaMax vulnerability

27 CDs containing SunnComm MediaMax Version 5 Content Protection Software

The danger is associated with copy-protection software included on some Sony discs created by a company called SunnComm Technologies. The vulnerability could allow malicious programmers to gain control of computers that have run the software, which is typically installed automatically when a disc is put in a computer's CD drive.
