Tag Archives: Sony BMG CD copy protection scandal

Suspected Fraudsters Behind the Sony DRM Virus Arrested

Three men have been arrested in the UK and Finland following an investigation into internet fraud. The three are a motley bunch, according to The Sunday Times: a 63-year-old from England, a 28-year-old from Scotland and a 19-year-old from Finland. Together they are alleged to have formed a gang called M00P. They are accused of being behind a virus known as Ryknos, Breplibot or Stinx-Q, which apparently allowed the gang access to commercial information through a back door. Thousands of computers, most of them in the UK, were infected. Infection here means total control over the computer in question. The virus was first spotted in November 2005.

What’s particularly interesting about this, and doesn’t seem to be mentioned in the mainstream press, is that the virus used a vulnerability created by Sony’s much despised DRM copy-protection software — a program installed as part of software to play Sony’s CDs on computers, but which would secretly install extra code designed to protect the CD from being copied beyond a limited number of times. The virus basically piggybacked the hole left by Sony’s software, so unless users who had installed Sony’s software had removed it, they were at the virus’ mercy.

The virus was well targeted and used clever social engineering tricks. It was tailored to businesses, disguised as a requested update for a photo attached to an email that read, in part, “Hello, Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We have attached the photo with the article here.” Who’s not going to click on that? I know I nearly did.

If those detained were involved, it’ll be interesting to hear what they’ve got to say about the Sony rootkit (which has long been abandoned. Great piece on the saga by Wade Roush in this month’s Technology Review.

The End of the Sorry Sony Saga?

Sony to recall copy-protected CDs, according to the BBC:

Sony BMG is recalling music CDs that use controversial anti-piracy software. The software was widely criticised because it used virus-like techniques to stop illegal copies being made.

Widespread pressure has made the music giant remove CDs bearing the software from stores. It will also swap bought CDs for copies free of the XCP anti-piracy software. Sony is also providing software to make it easy to remove the controversial program from Windows computers.

Will Sony ever recover from this? Probably, but it’s not going to be easy. Hopefully they’ll think hard and long about this whole sorry episode. Well done, bloggers, for making this story gain traction.