[Dshield] Rootkits All Around: Universal Music Has It, Too

Don Jackson dwjackson at bcbsal.org
Wed Nov 2 20:38:53 GMT 2005


>>>> mrcorp at yahoo.com 11/2/2005 1:34 PM >>>
>So am I to understand that this program takes Root ownership away from the system
>administrator/owner?  That it also hides its activities from antivirus and other tools?  and
>allows an outside person access to the system?

While what are generally called "rootkits" often do these things, they
don't necessarily have to do what you described to actually be
rootkits.

Connotatively, to me, this is a rootkit because it is software that
runs at or above the OS superuser's privilege level, alongside or
above the kernel.  Rootkits are generally undesirable, performing
actions that the administrator would not normally allow.  Because of
this, they need to hide and take measures to avoid detection and
removal.

On all those counts, I feel right in calling this software a rootkit.
Obviously, many others do, too.

1. It just has to run at that privilege level to accomplish its
dubious goals, not lock out the admin specifically.

2. Whether it hides from a trained researcher or the
average Van Zant fan is irrelevant if removing it kills
your OS.

3. As long as the software is acting as an agent of Sony,
enforcing their whim on your system against your wishes,
Sony has already gained access (remote access if you
include media as a vector) through deceptive practices that
have already been ruled against in other cases (i.e.,
disingenuous EULAs in spyware/adware cases).

Let's not let a question of semantics get in the way of the fact
that if a private citizen perpetrated the same ingenuous
actions as Sony against a similar number of PCs, he would be
facing years of federal prison time.


