Tuesday, November 15, 2005

$0(\)7-BiteMeG's Rootkit: Malware for the Masses

As part of my effort to stay up to date on issues that both interest and concern me, I regularly at least scan the EFFector email newsletter from EFF, which is good for staying up to date on who is suing whom over issues of Information Rights... Personally, my view leans towards as much of an open flow of information as possible, one that is not controlled solely for profit or greed... But certainly in this day and age of the newly emerging info economy, with the pop culture engine of N0fotainment and 7eroValueData, fighting for the rights of the individual to do things like blog freely and enjoy content with value, which falls between the pillars of individual subjectivity, good art, and accurate logical information uncoloured by any motivated bias... And our rights to be a part of as much of the spectrum of the data exchange as possible are defended by legal watchdogs like these guys. Well, the article that caught my attention was from the 11-11-05 newsletter issue:

Are You Infected with Sony-BMG's Rootkit?

EFF Confirms Secret Software on 19 CDs

San Francisco - News that some Sony-BMG music CDs install
secret rootkit software on their owners' computers has
shocked and angered thousands of music fans in recent days.
Among the cause for concern is Sony's refusal to publicly
list which CDs contain the infectious software and to
provide a way for music fans to remove it. Now, the
Electronic Frontier Foundation (EFF) has confirmed that the
stealth program is deployed on at least 19 CDs in a variety
of genres.

The software, created by First 4 Internet and known as
XCP2, ostensibly "protects" the music from illegal copying.
But in fact, it blocks a number of legal uses--like
listening to songs on your iPod. The software also
reportedly slows down your computer and makes it more
susceptible to crashes and third-party attacks. And since
the program is designed to hide itself, users may have
trouble diagnosing the problem.

"Entertainment companies often complain that fans refuse to
respect their intellectual property rights. Yet tools like
this refuse to respect our own personal property rights,"
said EFF staff attorney Jason Schultz. "Sony's tactics here
are hypocritical, in addition to being a security threat."

If you listened to a CD with the XCP software on your
Windows PC, your computer is likely already infected. An
EFF investigation confirmed XCP software on 19 titles, but
it's far from a complete list. Sony-BMG continues to refuse
to make such a list available to consumers.

Consumers can spot CDs with XCP by inspecting a CD closely,
checking the left transparent spine on the front of the
case for a label that says "CONTENT PROTECTED." The back of
these CDs also mentions XCP in fine print. You can find
pictures of these and other telltale labeling at
http://www.eff.org/IP/DRM/Sony-BMG/ .

"Music fans should protect themselves from this stealth
attack on their computer system," said EFF Senior Staff
Attorney Fred von Lohmann.

For EFF's list of CDs with XCP:
http://www.eff.org/deeplinks/archives/004144.php

The "legalese rootkit" - Sony-BMG's EULA:
http://www.eff.org/deeplinks/archives/004145.php
For this release:
http://www.eff.org/news/archives/2005_11.php#004146

So here I am thinking about who would be interested in this information, and, well, the next day I get an email from someone I'm positive would want to know, and, well, it was already too late:


Z,
Made a really BAD decision yesterday.. I picked up Black Rebel Motorcycle Club's "Howl" and My Morning Jacket's "Z".
Now, mind you, I quite enjoyed BRMC musically [MMJ was a bit of a disappointment] but I have since discovered that
A) both of these [Sony/BMG] CDs install a rootkit program onto your computer when you click "I Accept" below their statement that you won't be able to even access the CD with your computer unless you click "I Accept",
B) all the tracks turn out to be copy-protected WMA files so iTunes won't recognise the disc and I can't get 'em onto the old iPod ANYWAY,
C) the software, which goes unmentioned anywhere on the product itself, is intended to monitor your use of the CD and report back to big brother via your Internet connection,
D) it's devilishly hard to remove, you have to jump through bureaucratic hoops to get Sony to send you a custom uninstaller file, which won't arrive for about 3 days now,
E) it creates a hole in your firewall big enough to drive a Trojan through, and
F) that in fact one has ALREADY turned up roaming the www looking for vulnerable suckers like me.

More here as well (if you're interested);
SysInternals
The Big Picture
SlashDot

There are also pissed off forums on both bands' web sites...

Anyway, I'm going to sell both of these discs to a local used CD store tomorrow, and begin a boycott of both bands, Sony, and anybody else I can think of that might deserve my scorn and contempt.
Damn, cranky just isn't a strong enough word is it?
Now I just want to know how we keep from getting this kind of crap via Amazon and the like?
-IN



Other links:
Sony anti-spyware investigated by (Italian) police from GameShout 11-8-05

Boycott Sony from Wired 11-14-05

Sony recalls copy-protected music CDs from MNS 11-16-05







...Many voices in hushed tones speaking to one another, passing notes, and laughing at fools, the exchange rate will fluctuate into a consistent flow, who can hold an idea, in a market of ideas imagination is the key that will free the world....

5 comments:

John said...

Holy crap...um scary. I like how they decided to punish and spy on the people who actually BOUGHT the CD. Smooth. There's some smart people out there, just give a ton of money to some software company to come up with an awesome encryption process. Or, make the music so good that the fans WANT to give the band money, and go buy the CD, instead of just pirating.

Pylaydia said...

girf.....whatever. More screw the honest and up front folk with corporate money/head games. This kind of stuff just makes my head hurt.

Gotanwanderer said...

http://en.wikipedia.org/wiki/Sony-BMG
'Even a Department of Homeland Security official indirectly criticized Sony-BMG for their copy protection software.'

John said...

Why does your Doma link go to Volcanos? o.O I want my link to go to Volcanos, too! >.<

John said...

Just FYI. Government employees can no longer listen to CDs or DVDs in their PCs while working. On average I listen to 7 1/2 hours of music a day. On CDs. In my computer. DAMN YOU SONY!