Sonyy BMG CDs of 2005 are dangerous

[Narek]

5. Sony BMG Music CDs (2005)

When you stick a music CD into your computer, you shouldn't have to worry that it will turn your PC into a hacker's plaything. But that's exactly what Sony BMG Music Entertainment's music discs did in 2005. The discs' harebrained copy protection software installed a rootkit that made it invisible even to antispyware or antivirus software. Any moderately clever cyber attacker could then use the same rootkit to hide, say, a keylogger to capture your bank account information, or a remote-access Trojan to turn your PC into a zombie.

Security researcher Dan Kaminsky estimated that more than half a million machines were infected by the rootkit. After first downplaying the problem and then issuing a "fix" that made things worse, Sony BMG offered to refund users' money and replace the faulty discs. Since then, the record company has been sued up the wazoo; a federal court judge recently approved a settlement in the national class action suit. Making your machine totally vulnerable to attacks--isn't that Microsoft's job?

Source http://www.pcworld.com

[Russian fan]

Making your machine totally vulnerable to attacks--isn't that Microsoft's job?

What can I say? Viva Linux!

[Richard Palmer]

5. Sony BMG Music CDs (2005)

When you stick a music CD into your computer, you shouldn't have to worry that it will turn your PC into a hacker's plaything. But that's exactly what Sony BMG Music Entertainment's music discs did in 2005. The discs' harebrained copy protection software installed a rootkit that made it invisible even to antispyware or antivirus software. Any moderately clever cyber attacker could then use the same rootkit to hide, say, a keylogger to capture your bank account information, or a remote-access Trojan to turn your PC into a zombie.

Security researcher Dan Kaminsky estimated that more than half a million machines were infected by the rootkit. After first downplaying the problem and then issuing a "fix" that made things worse, Sony BMG offered to refund users' money and replace the faulty discs. Since then, the record company has been sued up the wazoo; a federal court judge recently approved a settlement in the national class action suit. Making your machine totally vulnerable to attacks--isn't that Microsoft's job?

Source http://www.pcworld.com

This only applied to a few discs, and then only the USA copies. You can now download newer, safer, software to get rid of the rootkit. I'm not trying to downplay the stupidity of it, but I wouldn't want everyone to go out and bin their CDs unnecessarily.

[drjohncarpenter]

Viva Mac OS!

[Rich_TCB]

I think there was a listing of all the CD's that had this on there.

Does somebody have that?

Also - have ALL of these CD's been removed from the stores?

Rich

[midnightx]

I think there was a listing of all the CD's that had this on there.

Does somebody have that?

Also - have ALL of these CD's been removed from the stores?

Rich

The only way you can obtain one of the 'dangerous' CDs is if you purchase a used copy from a used record store. The CDs were quickly removed back in 05 and a class action lawsuit against Sony was quickly filed. A lot of people had their computers corrupted. The only way to truly rid of the problem was to wipe your harddrive and reinstall all your software.

[Richard Palmer]

I think there was a listing of all the CD's that had this on there.

Does somebody have that?

Also - have ALL of these CD's been removed from the stores?

Rich

The only way you can obtain one of the 'dangerous' CDs is if you purchase a used copy from a used record store. The CDs were quickly removed back in 05 and a class action lawsuit against Sony was quickly filed. A lot of people had their computers corrupted. The only way to truly rid of the problem was to wipe your harddrive and reinstall all your software.

Wikipedia has a very good article about this, which among other things gives details of how to return any affected discs. http://en.wikipedia.org/wiki/2005_Sony_BMG_CD_copy_protection_scandal

[Rich_TCB]

Thank you both

Rich

[genesim]

Viva Mac OS!

Via Bill Gates/Microsoft, the biggest supporter of the system. What would they do without them!

[BigredG]

No Elvis titles mentioned here:

Are You Infected by Sony-BMG's Rootkit?
Related Issues
File Sharing issue overview, blog postsPosted by Fred von Lohmann
As we've mentioned before, Sony-BMG has been using copy-protection technology called XCP in its recent CDs. You insert your CD into your Windows PC, click "agree" in the pop up window, and the CD automatically installs software that uses rootkit techniques to cloak itself from you. Sony-BMG has released a "patch" that supposedly "uncloaks" the XCP software, but it creates new problems.

But how do you know whether you've been infected? It turns out Sony-BMG has deployed XCP on a number of titles, in variety of musical genres, on several of its wholly-owned labels.

EFF has confirmed the presence of XCP on the following titles (each has a data session, easily read on a Macintosh, that includes a file called "VERSION.DAT" that announces what version of XCP it is using). If you have one of these CDs, and you have a Windows PC (Macs are totally immune, as usual), you may have caught the XCP bug.

Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia) (labeled as XCP, but, oddly, our disc had no protection)

Several other Sony-BMG CDs are protected with a different copy-protection technology, sourced from SunnComm, including:

My Morning Jacket, Z
Santana, All That I Am
Sarah McLachlan, Bloom Remix Album

This is not a complete list. So how do you recognize other XCP-laden CDs in the wild?

Tip-off #1: on the front of the CD, at the left-most edge, in the transparent "spine", you'll see "CONTENT PROTECTED" along with the IFPI copy-protection logo. A few photos make this clearer.


Tip-off #2: on the back of the CD, on the bottom or right side, there will be a "Compatible with" disclosure box. Along with compatibility information, the box also includes a URL where you can get help. The URL has a telltale admission buried in it: cp.sonybmg.com/xcp. That lets you know that XCP is on this disc (discs protected with SunnComm have a different URL that includes "sunncomm").


If you haven't been infected yet, to protect yourself from XCP in the future, disable "autorun" on your Windows PC. Once you have done so, however, these CDs may not be accessible under Windows unless you have specialized ripping software installed; these CDs are encoded in a way that intentionally confuses standard Windows CD drivers. For a smarter audio grabber for Windows, you may want to consider using Exact Audio Copy, which reportedly can read these CDs if you have turned off autorun and avoided infection by XCP

[genesim]

They are all infected. So PM me and I will give you my adress and you can send them to me and I will take care of them.