Sony Recalls Rootkit-Plagued CDs

The music giant blames the software developer behind its copyright protection.
Posted November 17, 2005
By

Jim Wagner


Sony BMG is recalling the copyright-protected music CDs that have been causing no end of grief to the company.

The recall comes in the wake of a large number of security issues surrounding the use of Extended Copyright Protection (XCP), a digital rights management (DRM) application created by U.K.-based First 4 Internet, and the applications used to remove the software.

Customers of some 50 different Sony titles bearing the protection scheme will be able to mail in the affected CDs in exchange for a CD without the copyright protections on them, officials said in a statement posted to the Web site.

Security experts discovered that Sony music CDs with the copyright protection in place contained a rootkit, a method often employed by malware writers, which cloaked the scanning of end-user computers to determine if they were copying tunes.

The music giant blames First 4 Internet and commiserates with its customers over the security concerns created by the software.

"We share the concerns of consumers regarding these discs, and we are instituting a program that will allow consumers to exchange any CD with XCP software for the same CD without copy protection," the statement read. "We also have asked our retail partners to remove all unsold CDs with XCP software from their store shelves and inventory."

Sony officials were not available for comment on how many CDs the recall entails or whether it would continue using modified XCP software with upcoming CDs. A fact sheet on the recall states the company is "re-examining all aspects of our content protection initiatives."

An official at First 4 Internet said the company is not making any comments at this time.

Sony has been doing its best to minimize the damage in public perception caused by the discovery of a rootkit in its copy-protected music CDs and the ensuing furor over security issues related to its software patches, but the hits just keep coming.

The beleaguered music giant is finding out that while some technologies are great for the company and make it relatively easy to, say, hide the scanning of running processes on a PC, other technologies can bite back.

That's the case of the work conducted by Dan Kaminsky, a noted DNS (define) expert who took the data from DNS queries from Sony's rootkit and then mapped them on a digital globe.

It seems that First 4 Internet's DRM software also contacts Sony's Web servers to announce its presence. Each time that connection is made, Kaminsky noted in his blog, it leaves a footprint in name servers (define) that can be tracked through a technique called DNS cache snooping.

Kaminsky discovered that at least 568,200 name servers contained entries related to the rootkit. While the method doesn't translate into exactly how many end-user computers are affected, since multiple users can go through one name server, "at that scale, it doesn't take much to make this a multi-million host, worm-scale incident," he wrote.

He then used the IP addresses of the name servers and mapped them using the libipgeo and IP2LOCATION applications, showing a DNS spread that covers more than half the U.S. Mapping data shows widespread use in Asia and Europe, as well.

This article was first published on InternetNews.com. To read the full article, click here.






0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.