I'm taking a few minutes today warn you about possibly the most dangerous computer hack I've run across in the last few years. This is extremely serious and is already affecting millions of Windows users.
Sony BMG has recently been installing XCP copy protection software on their audio CD's. It DOES NOT affect stand-alone CD players such as stereo systems in homes, cars, or portable players. However, if you attempt to play the CD on your Windows computer, it will ask you to agree to an End-User License Agreement. Saying yes to this will install very damaging software that at best could make your system unstable, and possibly make you computer vulnerable to attack and hijack by even the most rookie hackers!
The software actually uses advanced hacker techniques to make itself invisible to Windows (called a rootkit), then modifies key components of the Windows operating system. This means you can't find it without very specialized tools designed to look for it. There are currently no virus detection or spyware detection tools than can detect or prevent this from installing. Even tools that CAN detect it cannot remove it without making your computer unusable!
Even worse, the software they used (licensed from another company) is poorly written and is bug-ridden. It can cause random crashes (blue screens) on Windows computers. The most evil of all is that the software allows anyone to take advantage of this cloaking technology to easily install and hide anything they want on your computer. This means that anyone who learns about this vulnerability can install their own virus, spyware, or worse, on your computer and completely hide it. Current detection tools would be nearly powerless to stop it.
This is not a scam. This is all over the net from very reliable sources, and Sony has admitted using the software on it's CD's. So far it has issued a weak apology and is offering to replace affected CD's and recall CD's in the distribution channels. Do a search on Google for "sony DRM" if you want to verify this information.
So here's my advice: If any music CD asks permission to install software on your computer, especially if it's from Sony BMG, just SAY NO!. Your computer does not need any special software to play audio CD's. If you own one of these CD's, you can exchange it with Sony for the same title without the copy protection. Here's the link to do so: http://www.upsrow.com/sonybmg/. It also contains a list of affected CD's.
If you've already had this happen to your computer, you can supposedly remove it using their update tool. I've not used this myself (It's not affecting my computer). From what I hear, installing this update will give you the option to remove the software from your computer. Here's the link: http://updates.xcp-aurora.com/.
Here's a couple of other links on the topic:
Sony's site addressing the problem: http://cp.sonybmg.com/xcp/
Transcripts of Security Now podcast about the problem: http://www.grc.com/sn/SN-012.htm
Please take this seriously. I never send out warnings like this unless I can verify the information and I believe the threat serious enough to warrant immediate action.
Randy
Comment feed for this post
Recent Comments