Class Action Lawsuit Against Sony BMG For DRM RootKit; Pest Patrol Lists Sony’s RootKit as Spyware

A class action lawsuit against Sony BMG Music Entertainment has been filed in California, and more lawsuits are expected as lawyers enter the Sony Rootkit copy protection software fiasco.

Attorney Alan Himmelfarb filed a suit in Los Angeles County Court last week on behalf of Alexander Guevara. The lawsuit claims that Sony BMG’s copy-protection technology, dubbed XCP, for eXtended Copy Protection by its creator, U.K.-based First4Internet, violates two anti-fraud statutes and a third statute that forbids anyone placing spyware on a computer.

California’s Consumer Protection Against Spyware Act, which was made law over a year ago, forbids “the taking control of a consumer’s computer, modifying computer settings, and the prevention of a user’s efforts to block or disable software,” according to the papers Himmelfarb filed. “Sony’s rootkit program violated each of these prohibitions.”

Sony has been under increasing fire for concealing the XCP files with a hacker-style rootkit, and making it nearly impossible to remove the copy protection from a PC once installed.

Some security vendors like Computer Associates’ PestPatrol group have blacklisted XCP as spyware.

Himmelfarb’s class-action lawsuit requests that Sony be prevented from using XCP and that compensation - to be decided later- be made to all buyers of the protected CDs.
The suit also asks that any Sony profits on CDs sold in California be turned over to the class-action members.

Another lawyer, Scott Kamber of New York, has told the Washington Post that he plans to file a class-action suit against Sony BMG for its use of a rootkit. “What Sony is saying with this software is that ‘Our intellectual property is more deserving of protection than your intellectual property,’” Kamber told the Post.

The Electronic Freedom Foundation (EFF) added its voice to the chorus, saying Wednesday that it too was considering a class-action lawsuit. The non-profit is as yet undecided, but is asking for accounts from affected Sony CD buyers.

The EFF has also confirmed 20 Sony CDs as using the XCP technology, ranging from albums by Celine Dion and Neil Diamond to those by Van Zant and Switchfoot.

Although Sony has done some minimal damage control - last week it released a patch that revealed the once-hidden files - it continues to refuse comment and makes it extremely difficult to obtain an uninstaller. Also the patch can crash your computer as demonstrated by Mark Russinovich, the chief technology officer for Wininternals and the first researchers who brought to light the details about Sony’s Rootkit.

Mark Russinovich found that the uninstaller generates a hash from the PC configuration - something other rights management software does, including Microsoft’s Windows Activation - so that only the PC from which the request for the uninstaller was made can be cleansed.

“Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall,” wrote Russinovich on the newest update to his Sony copy-protection blog.

Sony has yet to post any links to the patch or uninstaller on its Web site.

Sony Rootkit opens the floodgate for super adware / malware / viruses by providing simple means to virus authors to hide their virus software in a way which cannot be detected by any anti-virus programs.

And the first of them has arrived - “Backdoor.Rycos” (by Symantec) and “Stinx.e” (by Sophos) is a Trojan which arrives as an attachment to an e-mail purportedly from a British business publication. If the attachment is launched, the Trojan copies itself as “$sys$drv.exe” to the hard drive.

Note: Any file beginning with “$sys$” is automatically cloaked by the XCP rootkit.

As early as a week ago, hackers were already discussing ways to use the XCP rootkit, but Stinx.e is the first proof of concept. As you can realize only users of Sony CD’s are affected by this trojan.

“Sony’s DRM copy protection has opened up a vulnerability which hackers and virus writers are now exploiting,” said Graham Cluley, senior technology consultant for Sophos, in a statement Thursday. “We wouldn’t be surprised if more malware authors try and take advantage of this.”

The Trojan opens a backdoor on the compromised PC, and takes commands from its controller to, for instance, install additional files or delete data. In short the Trojan turns your PC into a zombie which can be used to perform illegal activities by someone controlling it over the internet.

Analysts at Gartner also stepped into the controversy by issuing a warning to clients of a consumer backlash against such practices.

“The use of spyware techniques, however benign in purpose, constitutes bad business practice and should be discouraged. Any attempt to sneak software onto a customer’s computer or gather any information without consent is unacceptable,” said Ray Heiser.

At this point I think it is advisable to stay away from Sony’s XCP enabled CD’s.

A class action lawsuit was inevitable considering the circumstances. What Sony didn’t foresee is the widespread consumer backlash catalyzed by bloggers.

Link