[Dshield] Rootkits All Around: Universal Music Has It ,Too

Ed Truitt ed.truitt at etee2k.net
Wed Nov 2 21:35:30 GMT 2005


Well, since this package hides itself from the system, I think it meets the criteria for a rootkit.  The fact that it cripples your system if you try and remove it (and aren't very, very careful) gives it a distinctive flavor of 'malware'.

If it walks like a duck, and talks like a duck... DUCK!

-EdTr.
-----Original Message-----
From: Mrcorp <mrcorp at yahoo.com>
Date: Wed, 2 Nov 2005 11:03:24 
To:General DShield Discussion List <list at lists.dshield.org>
Subject: Re: [Dshield] Rootkits All Around: Universal Music Has It ,Too

Perhaps I am a bit confused over terms, but are we talking rootkit, spyware, or something else?  I
find it extremly odd that music companies would be putting rootkits on peoples computers.

Mrcorp

--- Fergie <fergdawg at netzero.net> wrote:

> Mike writes over on techdirt.com:
> 
> [snip]
> 
> I doubt this is surprising to anyone. But, following all the talk about Sony's rootkit-style
> copy protection found on some music CDs, people are looking to see who else the copy protection
> company works with. Riley turned up a press release, showing that the company is also outfitting
> certain Universal Music Group CDs with their special brand of malware copy protection -- even
> highlighting in the announcement that it's the same as found on SonyBMG CDs. Of course, given
> Universal Music's CEO Edgar Bronfman's history of believing he must control everything, it's no
> surprise at all that they'd be using this too.
> 
> Given the lawsuits against adware firms for sneaky installs (and, recognizing that this rootkit
> stuff is actually much more dangerous by opening up additional holes in your computer), doesn't
> it seem like these record companies have just opened themselves up to a serious legal liability?
> They installed something on computers without asking or alerting you. They make it very, very,
> very difficult to remove. They break certain features of your computer and they open up a major
> security vulnerability that others can exploit. And then they call all their customers
> criminals. Can't imagine why they're having trouble with their existing business model.
> 
> [snip]
> 
> http://techdirt.com/articles/20051102/103241_F.shtml
> 
> - ferg
> 
> 
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg at netzero.net or fergdawg at sbcglobal.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
> 
> 
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 

_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

Cheers,
-E D Truitt

Sent via my BlackBerry from Cingular Wireless


More information about the list mailing list