Feeds

Beastie Boys CD installs virus

Exploits autorun 'feature'

  • alert
  • submit to reddit

High performance access to file storage

A new Beastie Boys' CD called "To the Five Boroughs" (Capitol Records), is raising hackles around the Web for reputedly infecting computers with a virus.

According to a recent thread at BugTraq, an executable file is automatically and silently installed on the user's machine when the CD is loaded. The file is said to be a driver that prevents users from ripping the CD (and perhaps others), and attacks both Windows boxen and Macs.

The infected CD is being distributed worldwide except in the USA and UK, which prevents us from giving a firsthand report. However, according to hearsay, we gather that the Windows version exploits the 'autorun' option, and that the Mac version affects the auto play option.

On Windows, when a CD is loaded, a text file called autorun.inf is read, and any instructions within it are executed. In this case, the machine is instructed to install some manner of DRM driver that prevents copying. We haven't seen either the .inf file or any of the executables, so we can't say how or at what level it accomplishes this - or if indeed it actually does accomplish this.

But assuming that the unconfirmed reports are accurate, we have here a media company infecting users' machines silently with a file that affects a computer's functionality, without first obtaining informed consent: a likely violation of pretty much every jurisdiction's anti-hacking laws. It's possible to foresee criminal charges being brought at some point: after all, having a good reason for spreading malware has never been much of a defence in court. And a file that alters a computer's functioning without the owner's informed consent is the very definition of malware. Because this malware can be transferred from machine to machine on a removable disk, and requires user interaction to spread, it is, quite simply, a computer virus. (A worm, on the other hand, is distinguished by its ability to spread without user interaction.)

CD virus protection

Let's look at the ways this autorun business can be defeated. It's quite easy to disable autorun in Windows by holding down the Shift key when loading a CD. Unfortunately, this has to be done each time the CD is played. However, it's easy to insert the CD once with the Shift key depressed, and then simply rip the tracks to the hard disk. You can then use the CD in other devices, and listen to your corresponding MP3s or whatever on your computer.

You can also disable the autorun "feature" on your Windows machine permanently so that this and other CDs infected with viruses won't affect you in the future.

To do this, go to the Start menu ==> Run, and type in the command regedit. Your registry editor will launch. Navigate to the following key, and edit as shown:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom and set Autorun DWORD=0

It might be necessary to create the value, thus: Data Type: DWORD Value Name: Autorun Value: 0

As usual, you must reboot your Windows box for the changes to take effect.

Disinfection

The above procedure assumes that you haven't previously installed the suspected Capitol Records virus, or a similar one from another fine entertainment conglomerate. But if you have, you will need to find and uninstall the malware first. The autorun.inf file on the CD will likely indicate the name of the relevant file(s), the locations where they're installed, and any registry changes made.

Armed with that information, go to the Windows 'uninstall' utility:

Start menu ==> Settings ==> Control Panel ==> Add or Remove Programs ==> Change/Remove.

Look for any program files referenced in the autorun.inf file and uninstall them. If no related programs are listed, you will need to launch the Windows Search Companion and search for any files named in the autorun.inf file and delete them manually. Be sure to activate the options in the "more advanced features" dialog allowing you to search the entire disk (search system folders, search hidden folders, and search subfolders).

Now, a word of caution: if the Capitol Records virus has updated a library file or driver, deleting it might affect your system's functioning, and you might need to re-install Windows to put things right again. (Carefully log the time needed to do this and include it in your criminal complaint.) However, deleting a foreign executable file is safe, so long as it's not one you actually need. So be careful about file name spellings so that you don't accidentally delete an important file that's spelt similar to the one you wish to be rid of. ®

Thomas C Greene is the author of Computer Security for the Home and Small Office, a comprehensive guide to system hardening, malware protection, online anonymity, encryption, and data hygiene for Windows and Linux.

Related stories

Lock-d own CD scores No.1 hit
Biomet ric DRM is 'empowering' says iVue maker
Copy protection to extend to multiple but limited burns
EMI admits CD copy protection compatibility problems
Copy-crippled CDs launch in UK, baffling Auntie Beeb

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Nokia offers 'voluntary retirement' to 6,000+ Indian employees
India's 'predictability and stability' cited as mobe-maker's tax payment deadline nears
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.