Forum latest

Sony Music: rootkits and DRM
Written by Aidan   
Tuesday, 01 November 2005 04:20

Mark Russinovich from Sysinternals recently picked up an interesting bit of software which looked suspiciously like a bit of malware. Now, those who know of Mark will know he really is one of the Windows Gurus, with a deep knowledge of how Windows works internally. So, how did someone like Mark end up with something like malware on his machine?

One bit of software patched the Windows kernel, so that files and registry entries with "$sys$" as part of the name would be hidden from programs running. That includes programs like spyware/malware detectors as well as antivirus. Handy if you want to hide your malicious code from view. Mark's view of the software  was that it wasn't necessarily stable - unloading the driver doing the cloaking could cause the machine to bluescreen. Not only that, but an additional driver had been added to the CD-ROM drive, including the "$sys$" part of the name to hide it. Simply removing these drivers rendered CD/DVD-ROM drives inaccessible by Windows.

So, where did this apparent malware come from? No other than Sony Music as part of the DRM on a music CD. That's right - simply playing the CD in the computer installed the software.

There's lots of good detail over on Mark's page, including how he detected the software that was trying to hide itself.


See also

None found.

Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either