Digital Rights Management, Spyware and Security
E.W. Felten & J.A. Halderman
IEEE Security & Privacy, Vol 4 No 1, January/February 2006, pp 18-23
Sysinternals’ Mark Russinovich discovered a rootkit included in a number of Sony BMG music CDs. The rootkit, part of First4Internet’s XCP copy protection technology, modifies the Windows kernel to hide files whose names start with $sys$, limits the number of times music files from a Sony CD can be copied, and alerts Sony every time an XCP-protected CD is played. Attempts to remove XCP could crash a computer and render it unusable without a complete hard drive reformat. Hackers have begun using the $sys$ prefix to hide malicious files, antivirus companies are issuing workarounds and signatures for XCP, and Sony faces several civil suits as a result. The XCP controversy has even affected the open-source community, since some of the code might have been lifted from open-source software in violation of the GNU Foundation’s General Public License.