rootkit

Latest

  • Microsoft signed a driver loaded with rootkit malware

    by Jon Fingas
    06.27.2021

    Microsoft has confirmed that it signed a driver containing malware, although it stressed the limited real-world security impact.

  • It took Google months to patch a serious Android security flaw

    by Christine Fisher
    03.03.2020

    Google has patched a critical security flaw that affects millions of Android devices with chipsets from MediaTek, XDA Developers revealed today. The vulnerability is a rootkit lodged in the CPU's firmware. It allows a simple script to root Android devices that use nearly any of MediaTek's 64-bit chips, so it has compromised hundreds of budget and mid-range smartphone, tablet and set-top box models, XDA says.

  • Sony's CD rootkit fiasco marks its inglorious 10th anniversary

    by Jon Fingas
    10.29.2015

    Here's one product anniversary that Sony probably wants you to forget. It's the 10th anniversary of security researcher (now CTO for Microsoft Azure) Mark Russinovich publishing details of the Sony BMG rootkit, a CD copy protection system that compromised the security of Windows PCs and was near-impossible to safely uninstall. The music label was initially dismissive, but it soon had to change its tune -- it paid millions to settle charges and recalled legions of discs. To top things off, the discovery made Sony a punching bag for anyone unhappy with digital rights management (DRM) and other heavy-handed uses of copyright.

  • Trion explains why ArcheAge uses Hackshield

    by Bree Royce
    10.07.2014

    Ever since ArcheAge's launch, Massively has been deluged with queries about Trion's use of Hackshield, an anti-cheating toolkit created by Korean company AhnLab, Inc. Western gamers aren't traditionally fond of such security programs; as of the time of this writing, even Hackshield's meager entry under AhnLab's English Wikipedia entry has been vandalized, presumably by disgruntled internet denizens. ArcheAge's Hackshield implementation recently provoked one Redditor to issue an open letter essentially accusing Trion of illegally and secretively installing a third-party rootkit on every computer that runs Glyph. We spoke to Trion about the legalities and efficacies of the program. Specifically, we asked about five topics: whether the program is being installed without permission, whether it is legal to install it in this way around the globe, whether it is causing technical problems for users as claimed, whether it is fully uninstalling when ArcheAge/Glyph are uninstalled, and whether it actually works, given weekend reports about exploits.

  • Apple removes claim of virus immunity

    by Kelly Hodgkins
    06.26.2012

    As small as the threat may be, Mac users can no longer claim immunity from attack by malicious software online. Many Mac users are starting to recognize this new reality and now Apple does, too. As noted in a recent PC World article, Apple has quietly removed the claim "It doesn't get PC viruses" from its OS X website and replaced it with the phrase "It's built to be safe." Also changed is the paragraph header "Safeguard your data. By Doing Nothing," which now says "Safety. Built right in." It's a subtle difference, but it's enough to show that Apple recognizes the importance of Mac security. Mac OS X is growing as a desktop platform and increasingly will be the target of malicious attacks. Recently, the Flashback botnet infected over 670,000 computers worldwide, most of which were running Mac OS X. This botnet exploited a hole in Java that was patched by Apple in a subsequent update to OS X.

  • Microsoft confirms rootkit caused Windows XP blue screens

    by Tim Stevens
    02.19.2010

    When malware writers fail to generate clean, reliable code, just who can you trust? On the heels of many Windows XP 32-bit users facing blue screen of death errors and unwanted reboots, Microsoft is now confirming that there's a little bit of malicious code sitting at the root of it all. A rootkit, to be specific, one called Alureon that compromises the atapi.sys file and others. This rootkit makes a system call via an address that, after the update, no longer corresponds to the particular call Alureon is trying to make. This is apparently the cause of the BSODs, not the update itself, and so those suffering from similar issues can resolve them by simply replacing corrupted system files via the recovery console. It won't be as much fun as using Microsoft's more popular console, but should at least cure what ails you.

  • Transgaming to use SecuROM for Cider games

    by Mike Schramm
    08.21.2008

    As if Mac gaming needed more problems getting off the ground. Transgaming has proudly announced that in the future, their games will include Sony's SecuROM digital rights management software. They don't mention which games will be getting the extremely restrictive DRM (that some folks have compared to malware), but we're guessing all of them, which means the Mac version of Spore will be on that list, as well as those upcoming Ubisoft titles, and anything else produced with the Cider technology. Bummer. Why is it a bummer? Because all the evidence we can see actually shows that DRM hurts sales. While Transgaming is obviously proud of this decision, claiming that SecuROM will help them prevent piracy and unauthorized copying, most of the evidence shows that piracy will happen in spite of, and sometimes even because of restrictive DRM setups like Sony's. Transgaming is making a serious mistake here -- they want to protect their games, which is fine. But choosing DRM, especially SecuROM, as a way to do it is a mistake. It'll cause more problems for the company and their users before it prevents piracy in the way they think it will. [via IMG]

  • Sony fesses up to another rootkit snafu

    by Paul Miller
    09.03.2007

    While everybody was busy with that BioShock "rootkit" false alarm -- and subsequently busy playing BioShock -- the folks at F-Secure were uncovering a new, legitimate rootkit problem in the software packaged with Sony's MicroVault USM-F fingerprint reader drives. It took Sony a little while to respond, but now the company says it has launched an investigation into the software, which was developed by a third-party, and will offer a fix by mid-September. The drive models had already been discontinued, though you can still pick them up at a few stores, and the rootkit is not as serious as the Sony BMG XCP DRM, but the software is still dangerous enough to allow malware authors to hide folders, so we're glad Sony's going to run clean up here. Read - Sony confirms security problem. Read - Sony's USB Rootkit vs Sony's Music Rootkit

  • Sony's back for more, running BioShock DRM with a rootkit

    by Paul Miller
    08.25.2007

    BioShock is undoubtedly a critical darling, but it's not without its share of technical woes. 2K Games is already on the ball with the widescreen field of view "issue," and has even slackened activation requirements, allowing for up to five SecuROM activations per copy of BioShock. Unfortunately, activation problems go deeper than that, since the Sony-owned SecuROM has deemed it necessary to pack in a rootkit with the BioShock installation, both for registered versions of the game and, inexplicably, the demo. We would've hoped 2K Games chose its DRM provider carefully, and screened for such shenanigans, but Sony's SecuROM really has no excuse, since we've certainly been down this path before.

    Update: Our pal Dan at PC Gamer points out that while he thought it was goofy to have the DRM on the demo too, it turns out that they pretty much always do this -- if they don't, pirates can use the unprotected exe to figure out what the difference between the demo and retail exe is, and that makes it easier to hack out.

    Update 2: 2K has a statement up about BioShock's DRM. According to them, SecuROM isn't an actual rootkit, it's just hiding some registry keys on your system. Gaming Bob, who originated this story, has also retracted his analysis of the DRM as being a rootkit, and posted up some easier instructions for removing the SecuROM service, so it looks like it's indeed safe to come out and play. [Via Fergie's Tech Blog; thanks Nfinity]

  • Sony BMG suing creators of MediaMax DRM for $12M

    by Nilay Patel
    07.13.2007

    It's been two years since Sony BMG got hit with a number of class action lawsuits for shipping CDs that stealthily installed malware DRM on Windows machines without user permission, and it looks like the company is trying to get back the $5.75M it lost replacing affected discs by suing Amergence, the developer of MediaMax, one of the two DRM systems Sony was using at the time. MediaMax is unrelated to XCP, the infamous "rootkit" DRM at the center of the controversy, but it also installed itself without permission and contained a major security hole, leading Sony to recall both XCP and MediaMax-protected CDs. For its part, Amergence (which used to be called SunnComm) claims that XCP was the real problem and that Sony BMG's demand for final authority over MediaMax's functional specifications insulates it from any liability -- arguments that don't seem like they'll cause any consternation for Sony's legal team. Disclaimer: Although the author of this post is an attorney, it is not legal advice or analysis and should not be construed as such.

  • Sony BMG plops down $4.25 million to settle with 39 states

    by Paul Miller
    12.21.2006

    Well that was quick. After forking over $750k to California on Tuesday to settle charges regarding its nefarious rootkit schemes, Sony BMG has brokered a similar deal with 39 more states in the US and A. Luckily for Sony, it looks like they've improved their per-state cost considerably, at a bargain $4.25 million for all 39 states, with Washington D.C. thrown in there to boot -- it is the holidays after all. Just like with California (and Texas, which settled with Sony on Tuesday as well), Sony BMG will additionally be giving refunds of $175 to consumers who file a claim that the rootkit damaged their computer in some way. Also included in the settlement is a pinky swear from Sony that they won't put any more copy protection software on future CDs that can't be easily located and removed from a computer. Sony BMG says it's pleased to reach the agreements. Aww, big hug.

  • Sony BMG settles rootkit case in California for $750k

    by Paul Miller
    12.19.2006

    This one took a bit longer, but it looks like Sony is still wrapping up these rootkit lawsuits, and this here's another one decided in favor of the consumers. Sony BMG has just settled with attorneys general of LA and California for the low low price of $750,000 -- with the suit claiming that Sony's inclusions of lame-o DRM software opened up computers to potential hackers. Sony will also provide refunds up to $175 to any consumer that can prove the rootkit damaged their computer in some way, according to a part of the settlement that is still awaiting judge approval. It wasn't all doom and gloom though, since LA's Tom Papageorge, a head deputy district attorney, says that "To their credit, they did stop the practice as soon as we brought it to their attention," but unfortunately he continued on to mention that "The FTC and a group of other states are looking at this as well and will file similar agreements." So it's not all over for Sony yet. And here we were hoping for a Sony-free year of lawsuits and general consumer neglect in 2007 -- how about we give '08 a shot?

  • Sony BMG "rootkit" class action settled: time to submit your claim

    by Thomas Ricker
    05.23.2006

    Listen up anyone who "purchased, received, came into possession of or otherwise used" music CDs containing Sony's flawed DRM software anytime after August 1, 2003. Under the terms of the class action settlement approved Monday, you are entitled to file a claim for a replacement CD, free downloads of music from that CD (with Apple's iTunes named as one of the three download services, ironically), and even "additional cash payments" which we presume are likely to amount to a stack of Abes, not Benjamins, folks. Pretty much what Sony BMG was already offering to their customers when this whole fiasco hit back in November. Additionally, Sony BMG definitively agreed to halt manufacture or distribution of that XCP and MediaMax nastiness masked by the rootkit. Now be sure to get your claim in now, consumers, so that Sony BMG hears loud and clear that you do know what a rootkit is, and yes, you care. After all, the settlement only lasts until the end of 2007 at which point Sony BMG is free to introduce copy protection software once again. Click the read link for a PDF copy of the settlement. [Via c|net News]