Mark's Sysinternals Blog


Eric Legge

This story poses an interesting question:
What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers? And this isn't one of those lightning-fast internet worms; this one has been spreading since mid-2004. Because it spread through infected CDs, not through internet connections, they didn't notice? This is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home.

But much worse than not detecting it before Russinovich's discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.

McAfee didn't add detection code until Nov. 9, and as of Nov. 15 it doesn't remove the rootkit, only the cloaking device.
Guest LilBambi

Webb, that was my concern (on a post here) on SNL Forums earlier with Microsoft's Antispyware and Anti-malware tool. It sounded like they were only removing the de-cloaking from the anti-malware blog at Microsoft. And now we find out that the AVs like McAfee are only removing the de-cloaking too? :huh: :o B) :rant: ;)

And if that wasn't bad enough ... on my blog entry "Sony malware infections in the millions - security expert | TG Daily", one of the comments posted this morning gave a link to Sony's site where they list the discs that include the XCP .... 52 of them!!!!

This gets worse by the day! :angry: ;) B)


Sony should be headed down after all the rootkit ruckus... Are they? Nope!

According to data from market tracker Nielsen SoundScan, the discs carrying Sony's copy protection software suffered little, if any, decline in sales compared with other medium-selling titles at similar points in their release cycles--at least up to the point of Sony's recall last week. Sales of the title first and most widely associated with the problem, southern rockers Van Zant's "Get Right with the Man," actually climbed in the two weeks following exposure of the CD's security risks, according to Nielsen SoundScan data. Celine Dion's album "On Ne Change Pas" held steady at 300 copies per week throughout the controversy. Several titles that were closer to their release dates, such as albums by Trey Anastasio and Puerto Rican singer Chayanne, showed more substantial drops over the same period of time. However, industry insiders said even these week-to-week drops were not unusual, close to an album's release. Another measure of albums' popularity is provided by Gracenote, whose CDDB--Compact Disc Database--service counts how many times people put CDs in their computers using a media player such as iTunes, Windows Media Player or RealPlayer. These programs automatically look up the album name and song titles. A representative for Gracenote said the company's data shows no appreciable difference in trends--and specifically no obvious drop-off in listening--between Van Zant and similar-selling albums that don't carry the rootkit. The same goes for several other recalled Sony titles, it noted.
Source:

The online outrage has been huge... but what about brick & mortar music? Zero change... people are not running in demanding Sony's offerings be tossed off the store shelves.

Makes you think about wasting time ranting about these things...

Edited by Marsden11

And if all the companies that offer rootkit removal schemes only de-cloak, then after that de-cloaking, it really isn't a rootkit anymore is it? It sure isn't hiding anything anymore...


Guest LilBambi

The web page decloaker that Sony was using, and has stopped distributing, created a secondary problem where any website can make use of it to install whatever they want without user intervention.

I hope that's not what they provided to the AV companies to remove it.

Sony themselves have not posted an alternate fix on their site. Maybe they are counting on the AVs and Microsoft to remove it for them?


Guest LilBambi

Maybe this has not made it big in the brick and mortar stores, which by the way are not as big as the online stores these days, it has made a tremendous impact on the artists at online outlets like Amazon.com as evidenced by this BBC article: Sony’s Escalating “Spyware” Fiasco

Along with lawyers, prosecutors, and furious fans, artists are joining the backlash against the label for slipping a hidden, anti-theft program into users' computers.

Van Zant's Get Right with the Man CD was released in May, but six months later it still was doing better-than-respectable business on Amazon.com (AMZN). The album ranked No. 887 on the online retailer's list of music sales on Nov. 2. Then news of the CD's aggressive content safeguards — a sub-rosa software program incorporated courtesy of Sony BMG — exploded on the Internet.

To go from Amazon's Top 40 to No. 25,902 because of something their "Label" did to them without their knowledge and consent is nothing to sneeze at.

Much more in the article, and at my blog.