November 8th, 2005

lung

Sony/BMG Music Rootkit

If you run Windows and have played any copy-protected Sony/BMG CDs on your machine, you may have a rootkit installed.

Long story short: it's a piece of software that hides itself from you, contacts the Sony site without your permission, and stays resident in memory where it takes up RAM and CPU cycles. And that's the good news. :P

You can read all about it here:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html
http://www.sysinternals.com/blog/2005/11/sonys-rootkit-first-4-internet.html

To see if you're running it, download, unzip, and run RootkitRevealer:
http://www.sysinternals.com/utilities/rootkitrevealer.html

If you see any entries with text like aries.sys, crater.sys, $sys$aries, $sys$crater, or $sys$cor, you've been compromised. The good news is you can stop it from running by going to Start -> Run and typing "sc delete $sys$aries". That removes the driver's service entry from the Registry, so it won't be loaded the next time you boot your machine; at this point you can safely delete the files (if you want). But don't take my word for it, read the articles I mentioned above.
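As an added example (not part of the original post or of the Sysinternals tools), here is a PowerShell check that asks the Service Control Manager about the driver service names the post lists. The names are the ones above; the exit-code handling assumes sc.exe's usual behaviour of returning the Win32 error (1060 for an unknown service).

```powershell
# Added example, not from the original post: query the SCM for the driver
# service names mentioned above. Single quotes keep PowerShell from expanding
# "$sys" as a variable, and sc.exe is spelled out because plain "sc" is the
# PowerShell alias for Set-Content.
$suspectServices = @('$sys$aries', '$sys$crater', '$sys$cor')   # names from the post
$found = @()

foreach ($name in $suspectServices) {
    # "sc query <name>" works for kernel drivers as well as ordinary services.
    $output = & sc.exe query $name 2>$null
    if ($LASTEXITCODE -eq 0) {
        $found += $name
        Write-Output "FOUND service '$name':"
        Write-Output ($output | Where-Object { $_ -match 'SERVICE_NAME|STATE' })
        # "sc qc" prints the registered binary path, so the file can be located.
        & sc.exe qc $name | Where-Object { $_ -match 'BINARY_PATH_NAME' }
    } else {
        # Assumption: sc.exe exits with 1060 (ERROR_SERVICE_DOES_NOT_EXIST)
        # when the name is not registered.
        Write-Output "not present: '$name' (sc exit code $LASTEXITCODE)"
    }
}

if ($found.Count -eq 0) {
    Write-Output 'None of the listed service names are registered.'
} else {
    Write-Output "Registered suspect services: $($found -join ', ')"
}
```

This only reports what the SCM is willing to show; the post's own advice still stands, namely to confirm with RootkitRevealer, which compares the Windows API view of the filesystem and Registry against a raw scan to expose hidden entries.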
  • Current Mood: exhausted
  • Current Music: Pizzicato Five - Porno 3003