So, this is the Sony Legacy … after so many years of being one of the best electronics companies out there?
Several Trojan horses are attempting to take advantage of the media controversy surrounding Sony’s use of a root kit as a digital rights management mechanism. Bkdr_breplibot.c (alias Backdoor.Ryknos Trojan (Symantec)) is one of several variations of the Breplibot Trojan that use the Sony DRM root-kit technology to hide the presence of their own remote access Trojan horse. The malicious code initially arrives via spam e-mail, pretending to ask permission to use a photograph in an upcoming magazine. It is unclear how much of threat this poses to average users, since not all Sony CDs contain the DRM software. Breplibot infects Windows PC; Mac OS, Linux, and Unix users are not at risk. Because Breplibot spreads via e-mail, may allow remote access, and could cause system damage, this Trojan has a ranking of 6 on the CNET/ZDNet Virus Meter.
And apparently, there is another fix now from Sony/First4Internet.
INFORMATION ABOUT XCP PROTECTED CDs
CDs containing XCP content protection software developed by First4Internet for SONY BMG may increase the vulnerability of your computer to certain computer viruses. To address these concerns, we are providing you with a software tool for download that offers you two options.
You may either:
Update the XCP software on your computer.
This option installs an update which removes the component of the XCP software that has been the subject of public attention and will alleviate concerns you may have about the software posing potential security vulnerabilities. It will also enable you to continue using the protected disc(s) on your computer.
Completely uninstall the XCP software and associated content protection files.
This option will remove all XCP and associated content protection files, including service/processes, registry entries and folders from your computer. Note that once you delete the XCP content protection software, if you wish to play a CD protected with XCP it will be necessary to reinstall the XCP software in accordance with that CD’s End User License Agreement after you insert the disc into your computer.
Sure hope it’s better than the recent one released for SunnComm MediaMax that we talked about in the last posting.
UPDATE: I didn’t have to wait long to hear more on this from Freedom To Tinker.
CD Copy Protection: The Road to Spyware
Advocates of DRM (copy protection) have been keeping their heads down lately, while they try to figure out what went wrong in the SonyBMG DRM spyware fiasco. No doubt theyâ€™ll try to explain it away as an anomaly â€” just a little speed bump on the road to the effective, unobtrusive DRM future that theyâ€™re sure will be arriving any day now.
There are some problems with this story. For starters, weâ€™re not talking about a single DRM system â€” weâ€™re talking about two totally separate systems (XCP and MediaMax), developed by rival companies, both of which turned out to be spyware and to endanger users, in strikingly similar ways. Is this just a coincidence?
Of course itâ€™s not. If we look carefully at CD copy protection as a technical problem, weâ€™ll see why DRM designers are drawn to spyware tactics as their best hope of stopping copying. Let me explain why.
CDs store music files in Compact Disc Digital Audio (CDDA) format, which is easily readable by a wide range of devices. If the music is encrypted or stored in some other tricky format, ordinary audio CD players wonâ€™t be able to read it, and the disc will be useless to most customers. So backward compatibility requires that the music be stored in a format that is readable by computer software.
(Technical digression: There are actually small differences between how a computer reads a disc and how ordinary audio CD players read it. So-called passive protection technologies try to exploit these differences by putting things on the disc that try to confuse computers without affecting ordinary players. For our purposes, it will suffice to say that purely passive protection systems are not viable, because computers are not so easily confused. To my knowledge, purely passive CD DRM technologies arenâ€™t being used any more, although some current vendors combine passive protection with active measures. For reasons too boring to go into here, passive protection doesnâ€™t really affect my analysis; and so to streamline the discussion Iâ€™ll assume from here on that there is no passive protection.)
Much more in the article. Great read!
EDIT: Hmmm. Must have hit a nerve somewhere. Several spam messages attempted to be posted on my blog after this posting.