Sony malware infections in the millions – security expert | TG Daily

At first glance, Dan Kaminsky’s bright red-colored map of the world looks like a visualization of global population – but it’s actually a map of networks carrying Sony’s DRM software. The computer security expert estimated the number of infected networks and superimposed the data as red dots on a map of the world. The result is an impressively red globe. Kaminsky told TG Daily that “there could be three million or more infected computers.”

More in the article above and at Dan Kaminsky’s site DoxPara.

It now appears that at least 568,200 nameservers have witnessed DNS queries related to the rootkit. How many hosts does this correspond to? Only Sony (and First4Internet) knows… unsurprisingly, they are not particularly communicative.

Brian Krebs at Security Fix wrote the following in his article entitled “Researcher: Sony DRM on Half a Million Networks”:

As you might expect, the most-affected nodes are located in Japan (217,296), followed closely by the United States (130,519). Interestingly, it’s hard to find a country where Sony’s anti-piracy software isn’t installed. Kaminsky detected installs in Afghanistan, Iraq, Mali, Mongolia, Myanmar, Guam, Cameroon, Congo and Micronesia, to name just a few stragglers at the bottom of the list.

Just take a look at the numbers of DNS requests in each country that Dan Kaminsky found.

This from the story at

More than half a million networks, including military and government sites, were likely infected by copy-restriction software distributed by Sony on a handful of its CDs, according to a statistical analysis of domain servers conducted by a well-respected security researcher and confirmed by independent experts Tuesday.

Sony BMG has been on the run for almost two weeks with the public relations debacle of its XCP copy-restriction software, which has installed an exploit-vulnerable rootkit with at least 20 popular music titles on PCs all over the world.

And this may or may not be the only problematic DRM software either. Here’s a quote from the USAToday article entitled “Copy-protected-CD flap raises questions.”

Q: What about other copy-protected CDs? Are they as problematic, and how do I find them?

A: At the Barnes & Noble store, copy-protected CDs from Sony artists Alicia Keys, Santana, Babyface and Maroon 5, which use software from SunnComm, also were not labeled with a sticker. The fine print on the back of those CDs says “?”

To listen to these CDs on a PC, you also must install special software. They aren’t supposed to play in iTunes, but USA TODAY initially had no trouble playing the CDs in iTunes or saving the files to the hard drive for copying to the iPod. But that was before we clicked on the album cover icon when it showed up in My Computer. Then, we had to accept a license agreement. Once that was done, the CD would no longer play in iTunes.

Record label EMI has only a handful of copy-protected titles in U.S. release. EMI uses a different copy-protection program: CDS-300 from Macrovision.

In our tests, we couldn’t play the albums in iTunes or Windows Media Player and had to use EMI’s player.

The fine print on the back of EMI discs is larger but doesn’t clearly state that buyers won’t be able to transfer songs to the iPod without considerable workarounds.

From the same article, Amazon is apparently treating the XCP discs as defective merchandise and offering a refund, including shipping, as long as the customer specifically requests it.

BetaNews also reported on this in a posting entitled “Sony Rootkit ‘Fix’ Brings More Trouble.”

Just when you thought the Sony BMG copy-protection debacle couldn’t get any worse, two Princeton researchers have discovered a security flaw in the software provided by the company to uninstall its controversial DRM.

Yeah, how many computers would that be? Hard to say, but “in the millions” wouldn’t be far-fetched.

By my reading, Sony has been distributing this XCP rootkit DRM since March of this year, per a CNET article dated June 1, 2005. And some folks at Castlecops were already questioning what this stuff was on their computers, and actually posted about it back in August.

I wonder how many folks since March 2005 have had their computers *owned* because of this rootkit and had to pay someone to fix it, or just reformatted and lost everything? And then likely put it right back on the computer, because they didn’t know what caused the problem in the first place? And the cycle continued. How many spambots did they create? How many botnets did they help to proliferate?

EDIT: See comments on this posting for the link to Sony’s page where they list the 52 titles that have XCP ‘rootkit’ on them!

Comments on: "Sony malware infections in the millions – security expert | TG Daily" (5)

  1. Sony should be run to the ground for this…

  2. Wow epp_b … I only just posted it and you saw it already! I can’t imagine that F4I will be around much longer. And I for one won’t cry for them. And Sony should be paying closer attention to who they contract for work to ensure their customer base, if they still have one after this, is kept safe from these types of things. They really are Burning the Faithful as noted in an earlier posting. Unbelievable.

  3. Wow! Sony had only alluded to ‘about 20’ discs that had it originally. Guess that statement was nowhere near the truth!

    That’s more than twice that number!

    Thanks for the link EvilFixIt!

  4. […] n Sony’s site affected by the XCP ‘rootkit’ DRM (see 2nd comment on post here), and the fact that there are likely millions of PCs still affected by this ‘rootkit […]
