Researcher: Sony DRM on Half a Million Networks

New data published today by notable security researcher Dan Kaminsky indicates that Sony BMG's security-flaw-ridden anti-piracy software is installed on more than half a million computer networks in at least 165 countries.

Kaminsky arrived at the number by poking around at the software installed on an untold number of Sony music CDs and studying the program's now well-known habit of "phoning home" information about the user's music habits to Sony and to First4Internet, the British company hired by Sony to produce the software.

Each time the software transmits user data it must ask for directions to find the sites set up by Sony and First4Internet to receive it. The thousands of machines online that hand out those directions -- known as "DNS servers" -- typically cache that information for a period of time to operate more efficiently.

Kaminsky said he spent four days querying thousands of DNS servers around the globe for signs that computers on networks they serve had requested any of the phone-home Web sites. He found the telltale traces on roughly 560,000 DNS servers worldwide.
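How a resolver operator might spot this kind of cache probing in captured traffic, as an added example that is not from Kaminsky or the original article. It assumes the probes arrive as non-recursive queries (Recursion Desired bit cleared), which ask a server only for what it already has cached; the networks, addresses and domain names are constructed placeholders.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: the networks this resolver is meant to serve.
INTERNAL = [ip_network("192.0.2.0/24")]

def build_query(name, rd, qid=0x1234):
    """Build a DNS A query; used here only to construct sample packets."""
    flags = 0x0100 if rd else 0x0000  # RD is bit 0x0100 of the flags word
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def parse_query(pkt):
    """Return (qname, recursion_desired) for a raw single-question query."""
    _, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if flags & 0x8000 or qdcount != 1:  # QR set means it is a response
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while pkt[pos]:
        n = pkt[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer")
        labels.append(pkt[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels).lower(), bool(flags & 0x0100)

def snoop_suspects(captured, threshold=2):
    """Outside sources that sent >= threshold non-recursive queries."""
    hits = Counter()
    for src, pkt in captured:
        try:
            _, rd = parse_query(pkt)
        except (ValueError, IndexError, struct.error):
            continue  # malformed or non-query packet: ignore
        outside = not any(ip_address(src) in net for net in INTERNAL)
        if outside and not rd:
            hits[src] += 1
    return sorted(src for src, n in hits.items() if n >= threshold)

# Constructed sample capture: (source address, UDP payload).
SAMPLE = [
    ("192.0.2.10", build_query("www.example.com", rd=True)),
    ("198.51.100.7", build_query("phone-home.example", rd=False)),
    ("198.51.100.7", build_query("updates.example", rd=False)),
    ("203.0.113.5", build_query("www.example.org", rd=True)),
    ("203.0.113.9", b"\x00\x01"),  # truncated junk
]
```

Some monitoring tools also send non-recursive queries, so the threshold and the internal network list need tuning before this is used for alerting.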

Kaminsky said he's not sure yet how many individual computers inside of those 560,000 networks actually have the Sony software installed on them, but noted that "at the end of the day, it only takes an average of two machines per network and we are easily talking about millions of machines here."

Kaminsky tied the addresses to geographic locations by using his access to a commercial geolocation database. He has since posted a software tool on his site that renders a very cool three-dimensional look at where the largest concentrations of installs are located.

(Some screen shots of the geolocation tool provided by Kaminsky show red on the globe for networks where the Sony software has been installed in North America, Europe and Asia. You can also click here for the full country list).

As you might expect, the most-affected nodes are located in Japan (217,296), followed closely by the United States (130,519). Interestingly, it's hard to find a country where Sony's anti-piracy software isn't installed. Kaminsky detected installs in Afghanistan, Iraq, Mali, Mongolia, Myanmar, Guam, Cameroon, Congo and Micronesia, to name just a few stragglers at the bottom of the list.

"It's funny, because the last time we saw these kinds of infection rates, they were because of bugs in [Microsoft] Windows that were later patched," Kaminsky said. "But Sony's patch actually deploys new flaws."

By Brian Krebs  |  November 15, 2005; 12:25 PM ET


Interestingly enough, Sony may have violated some copyrights with their rootkit. It seems there may be some GPL'ed and LGPL software included in it. Nice, a company trying to enforce copyright and uses stolen code to do it.

Posted by: Bloggins | November 15, 2005 12:47 PM | Report abuse

I worked for a company in the late 1990s that decided to get into push technology; they created an applet that would quietly run in the background and hide from the user -- the owner of the software could then publish alerts to the user's system for "preemptive customer support" purposes. This company creating the software had not thought out clearly who should be able to publish messages to this applet, nor did they clearly understand the negative functional aspects of the product, how it could be abused. Because of this (and as with Sony) approaches like this backfire. Transparency is the best policy.

Posted by: Pogo | November 15, 2005 1:32 PM | Report abuse

I forgot to mention -- the software would monitor changes the user would make to their system, what apps were installed, drivers, etc. It would then report these changes to the owner/company who owned the software. Sometime after 2000 this software was classified as adware...

Posted by: Pogo | November 15, 2005 1:37 PM | Report abuse

Beautiful picture. "Outbreak" comes to mind. Apart from that - why should there be so many DNS servers that indiscriminately serve requests coming from the Big Bad Internet? Some organizations need to tighten their filters.

Posted by: El Tonno | November 15, 2005 1:55 PM | Report abuse

Though the focus, for now, is on Sony-BMG CDs, Sony does sell computers (Vaio) with pre-installed software. Does anyone know if these computers are pre-infected?

Posted by: Steve | November 15, 2005 2:58 PM | Report abuse

Does anyone know if these CDs can infect Macs? My girlfriend recently ripped a Sony CD onto my iMac, and I'm afraid it's infected. Thanks.

Posted by: Max | November 15, 2005 3:38 PM | Report abuse

If it is illegal to export certain types of software (e.g. strong encryption), then why are proprietary DRM schemes not illegal to *import* by the same logic?

An important message from DHS, but first a word from our sponsor ...

Posted by: GTexas | November 15, 2005 3:49 PM | Report abuse

Hi Max:

Some Sony DRM does target Macs, but this particular one doesn't. There's no hard and fast answer, but you're probably OK.

Three tests:

1. Check the packaging of the CD. It will say on the packaging if it is a "content enhanced" CD. If it doesn't, you're OK.

2. If she did not have to run an installer - and submit an admin password - to listen to the CD, you're OK.

3. If she was able to rip to MP3 or AAC then you're OK. It is not possible to rip to open formats if the CD is infected with DRM. That's partly an act of revenge on Apple whose iPod will play those open formats - for taking a market Sony saw as "theirs" (the "Walkman" market).

If you don't come up laughing on those three tests, look into it further.

Posted by: Mike | November 15, 2005 4:38 PM | Report abuse

This Sony disaster has national and international implications. Since we are supposed to be at war with global terrorists, it is frightening to think that, according to Kaminsky, potentially 560,000 PCs are infected and could be used to disrupt our network from anywhere in the world. Since the authorities have such a hard time identifying the source of spammers and DOS attacks within our national network, Sony has made the problem worse by expanding the issue to a global scale. Very Scary! I wonder what the DHS and FBI are doing to make sure these CDs are taken off the market.

Microsoft must be hopping mad at Sony for undermining its effort to make Windows more secure from viruses, worms, rootkits, Trojans and other exploits. I would not be surprised if Microsoft started its own lawsuit to recover substantial amounts for Sony's subverting and perhaps trespassing on Windows technology. That would give Microsoft a chance to kick its major Game Console rival as a side benefit.

Posted by: DaveL | November 15, 2005 4:51 PM | Report abuse

Why hasn't anyone touched on the harm this is doing to the artists Sony BMG represent?

I'll certainly never buy a Sony CD again--it turns out that "piracy" is safer than Sony's corporate "protection".

As a content provider, I rely on distributors for some token of responsible behavior. Sony has shown that they're not up to the task.

While they may lose a few points off their bottom line, the artists they represent will take a huge hit in the pocketbook.

Not much protection there.

Posted by: concerned content provider | November 15, 2005 5:31 PM | Report abuse

Sony's finished. Time to go back to selling used vacuum tubes in the slums of Tokyo, losers.

Posted by: blowmonkey | November 15, 2005 7:01 PM | Report abuse

Anyone got email addresses for Sony execs, so we can bombard them? These losers need to know the wrath they deserve. They make a huge profit and repay the customer with a dangerous security bug.

Posted by: Luddite | November 15, 2005 7:47 PM | Report abuse


Posted by: africanj | November 15, 2005 7:49 PM | Report abuse


> Since we are supposed to be at war with global terrorists,
> it is frightening to think that, according to Kaminsky, potentially
> 560,000 PCs are infected and could be used to disrupt our
> network from anywhere in the world.

Well, *global* botnets that are over the 100'000 mark already exist
and we are not talking terror here (a silly terror thread that would be),
we are talking extortion against corporate websites and speedy spam
distribution (and thus scam and malware distribution). But yeah, you
can soon expect mails in your inbox that will point you to a website
rigged to take over your machine through the Sony backdoor.

In other news, Microsoft is now cleaning up after Sony. E.g. at
Wired, we read: "Microsoft said it would remove controversial copy-protection
software that CDs from music publisher Sony BMG install on personal
computers, deeming it a security risk to PCs running on Windows."

Posted by: El Tonno | November 15, 2005 8:35 PM | Report abuse

(SONY) is dead to me and to anyone who was and will be affected by this rootkit.
Don't bother to email (SONY), just boycott the company and any other doing this crap (you know who you are. I do.) and remember Micro$oft is the king of "rootkits"

Posted by: Masher1 | November 16, 2005 4:49 AM | Report abuse

This is a worldwide abomination. They knew what they were buying. All SONY products are now tarnished.

Posted by: honeydclown | November 16, 2005 10:34 AM | Report abuse

For those inclined to write and/or leave postings:
F. James Sensenbrenner, Jr., Chairman
Committee on the Judiciary
U.S. House of Representatives
2138 Rayburn House Office Building
Washington, DC 20515
Joe Barton, Chairman
The Committee on Energy and Commerce
U.S. House of Representatives
2125 Rayburn House Office Building
Washington, DC 20515

Posted by: Steve | November 16, 2005 3:39 PM | Report abuse

Here is the Senate list:
Arlen Specter, Chairman
Committee on the Judiciary
U.S. Senate
224 Dirksen Senate Office Building
Washington, DC 20510

Senator Ted Stevens, Chairman
Senate Committee on Commerce, Science, and Transportation
U.S. Senate
508 Dirksen Office Building
Washington, DC 20510

Posted by: Steve | November 16, 2005 5:56 PM | Report abuse

Micro$oft is the king of "rootkits"

That must be why it's called a "rootkit" - because the administrator account on a Windows machine is named "root."

Posted by: Joe Momma | November 18, 2005 9:38 AM | Report abuse

I wonder how the Mohn family feels about this.

Posted by: nobdy | November 28, 2005 10:37 AM | Report abuse

© 2010 The Washington Post Company