Feeds

Researcher: Sony BMG rootkit still widespread

'The global scope is the big mystery here'

Next gen security for virtualised datacentres

WASHINGTON D.C. Hundreds of thousands of networks across the globe, including many military and government networks, appear to still contain PCs with the controversial copy-protection software installed by music discs sold by media giant Sony BMG, a security researcher told attendees at the ShmooCon hacking conference this weekend.

Building on previous research that suggested some 570,000 networks had computers affected by the software, infrastructure security expert Dan Kaminsky used a different address used by the copy protection software to estimate that, a month later, 350,000 networks - many belonging to the military and government - contain computers affected by the software.

"It is unquestionable that Sony's code has gotten into military and government networks, and not necessarily just U.S. military and government networks," Kaminsky said in an interview after his presentation at ShmooCon. The researcher would not say how many networks belonged to government or military top-level domains.

The latest research results comes as Sony BMG is attempting to finish up this particular embarrassing chapter in the company's use of digital-rights management software. Earlier this month, a New York district court judge gave the nod to a settlement penned by Sony BMG and the attorneys for six class-action lawsuits in the state. More than 15 other lawsuits are pending against the media giant, according to court filings.

The controversy surrounds several flaws in two types of copy-protection software used on Sony BMG music CDs and the company's previous practices of hiding the software from a computer's user and making removal of the software extremely inconvenient. The two practices - considered unfair by the Attorney General for the State of Texas, whose office sued Sony BMG--resemble "rootkit" techniques used by malicious internet attackers.

Sony BMG uses two types of digital-rights management (DRM) software: the Extended Copy Protection (XCP) program created by First 4 Internet and the MediaMax program created by SunnComm.

Kaminsky's research uses a feature of domain-name system (DNS) servers: The computers will tell whether an address has recently been looked up by the server. The security researcher worked from a list of nine million domain-name servers, about three million of which are reachable by computers outside their networks. Kaminskly sent DNS requests to the three million systems, asking each to look up whether an address used by the XCP software - in this case, xcpimages.sonybmg.com - was in the systems' caches.

During his first survey, carried out over three days in mid-November, he found 568,000 DNS servers had previously been asked to look up three different server addresses used by the XCP software. Another 350,000 servers had to be thrown out from the data set because they did not obey commands to only look in their cache, and instead asked for information from other servers on the Internet.

The most recent survey, which lasted between December 15 and December 23, he found 350,000 servers had the unique address in their caches. While other factors may increase or decrease the number, Kaminsky continues to stress that the experiment is about finding out the magnitude of the impact of Sony BMG's software.

"The data shows that this is most likely a hundreds-of-thousands to millions of victims issue," Kaminsky said.

The data might also show how widespread piracy has become. The 52 music titles released with the XCP software were only released in North America, he said. However, the network apparently affected by the Sony BMG issue covered 135 countries. About 4.7 million discs were manufactured and about 2.1 million had sold, according to Sony statements.

"The global scope is the big mystery here," he said. "It is fairly likely that a lot of the discs were pirated."

In December, Sony BMG changed the banner ad that displays on PCs that play a CD to a graphic that requests them to download the uninstaller. The graphical reminder showed that Sony BMG is taking the threat seriously, Kaminsky said, and could be responsible for much of the decrease in his numbers. Sony BMG could not be reached for comment on Monday.

While the security issues related to the copy-protection software have apparently affected US government and military computers, the Department of Justice will not likely get involved, said Jennifer Granick, executive director of the Center for Internet and Society at Stanford Law School.

"I don't see the federal government suing a big company like Sony," she said. "The fact that military networks have likely been affected by this won't change that."

This article was first published at SecurityFocus.

Copyright © 2006, SecurityFocus

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.