ntang (ntang) wrote,

Sony/BMG Music Rootkit

If you run Windows and have purchased any copy-protected Sony/BMG CDs, you may have a rootkit installed.

Long story short: it's a piece of software that hides itself from you, makes unauthorized access to the Sony site, and stays resident in memory where it takes up RAM and CPU cycles. And that's the good news. :P

You can read all about it here:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html
http://www.sysinternals.com/blog/2005/11/sonys-rootkit-first-4-internet.html

To see if you're running it, download, unzip, and run RootkitRevealer:
http://www.sysinternals.com/utilities/rootkitrevealer.html

If you see any entries with text like aries.sys, crater.sys, $sys$aries, $sys$crater, $sys$cor, you've been compromised. The good news is you can stop it from running by going to Start -> Run and typing "sc delete $sys$aries", which will remove the driver from the Registry so it won't be loaded when you boot your machine anymore; at this point you can safely delete the files (if you want). But don't take my word for it, read the articles I mentioned above.