Incidents

Sony’s Rootkit

Yesterday there was a lot of coverage about Sony’s way of protecting its DRM software for audio CDs.

You’ve probably already read about this issue elsewhere, so I’ll skip most of the technical details.

In short, Sony BMG is using rootkit technology in order to hide and protect its DRM software. This is to prevent CDs produced by the company from being copied too often.

Using rootkit technology is an extremely dubious technique, and the poor coding of this particular example also raised our eyebrows.

Not only will this software slow down your computer, it can also lead to system instability. A number of people have reported that this software has led to the infamous Blue Screen Of Death.

The software can also mess up your system when you try and remove it from your computer. Possibly worst of all, the way this rootkit is coded makes it easy for it to be used to hide malware.

We would like to highlight that according to ASC’s definition of SpyWare this software may be classified as such.

* May be a nuisance and impair productivity
* Can slow machine down or cause crashes and loss of data
* May be associated with security risks
* Can compromise system integrity and security
* Done covertly, it is stealing cycles and other resources

Rootkits are rapidly becoming one of the biggest issues in cybersecurity. Vendors are making more and more of an effort to detect this kind of threat. So why is Sony opting to use this dubious technology?

Naturally, we’re strongly against this development. We can only hope that this message comes across loud and clear to the people who have a say in this at Sony and elsewhere. We’d hate to see the use of rootkits becoming a habit among mainstream software manufacturers, when there are so many security and ethical arguments against such use.

Since the issue was made public, Sony BMG has put up a statement regarding this issue here.

Also, First 4’s CEO, the company which is responsible for the software in this case, has been quoted as saying that the company has been working on a different technology which will not utilize rootkit technology.

P.S.
It may be that some games have similar rootkit ‘protection’.
If you have any evidence of this relating to specific games, please place a comment here.

Sony’s Rootkit

Your email address will not be published.

 

Reports

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Lazarus Trojanized DeFi app for delivering malware

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.

MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

Subscribe to our weekly e-mails

The hottest research right in your inbox