Sony’s Rootkit

Yesterday there was a lot of coverage about Sony’s way of protecting its DRM software for audio CDs.

You’ve probably already read about this issue elsewhere, so I’ll skip most of the technical details.

In short, Sony BMG is using rootkit technology in order to hide and protect its DRM software. This is to prevent CDs produced by the company from being copied too often.

Using rootkit technology is an extremely dubious technique, and the poor coding of this particular example also raised our eyebrows.

Not only will this software slow down your computer, it can also lead to system instability. A number of people have reported that this software has led to the infamous Blue Screen Of Death.

The software can also mess up your system when you try and remove it from your computer. Possibly worst of all, the way this rootkit is coded makes it easy for it to be used to hide malware.

We would like to highlight that according to ASC’s definition of SpyWare this software may be classified as such.

* May be a nuisance and impair productivity
* Can slow machine down or cause crashes and loss of data
* May be associated with security risks
* Can compromise system integrity and security
* Done covertly, it is stealing cycles and other resources

Rootkits are rapidly becoming one of the biggest issues in cybersecurity. Vendors are making more and more of an effort to detect this kind of threat. So why is Sony opting to use this dubious technology?

Naturally, we’re strongly against this development. We can only hope that this message comes across loud and clear to the people who have a say in this at Sony and elsewhere. We’d hate to see the use of rootkits becoming a habit among mainstream software manufacturers, when there are so many security and ethical arguments against such use.

Since the issue was made public, Sony BMG has put up a statement regarding this issue here.

Also, First 4’s CEO, the company which is responsible for the software in this case, has been quoted as saying that the company has been working on a different technology which will not utilize rootkit technology.

It may be that some games have similar rootkit ‘protection’.
If you have any evidence of this relating to specific games, please place a comment here.

Sony’s Rootkit

Your email address will not be published. Required fields are marked *



Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

What did DeathStalker hide between two ferns?

While tracking DeathStalker’s Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware “PowerPepper”.

Subscribe to our weekly e-mails

The hottest research right in your inbox