Dvd Rootkit on the way

Martin Brinkmann
Feb 15, 2006
Updated • May 2, 2013
Security
|
3

Some weeks ago Sony made the attempt to protect music on some CDs the company manufacturers and distributes by adding a rootkit software on the CDs. The rootkit got installed on user PCs if the music CD was inserted into the computer's CD drive provided that the operating system used was Microsoft Windows. The protection had its flaws as it was only working on Windows and not on other systems like Linux or Macintosh. What it did mean though was that Sony distributed rootkits on their customer's PCs, and that third parties discovered methods to exploit those rootkits for their own malicious doings.

After a large outcry from the Web community Sony decided to pull the CDs from the shelves and offer a tool to uninstall the rootkit (which you would only get through a lengthy process).

One would think that other companies would learn from Sony's mistake. That however does not appear to the the case as the first rootkit-like software was recently discovered on the DVD of the German version of the movie Mr. and Mrs. Smith. F-Secure confirms that the Settec Alpha-DISC copy protection system is used on the DVD.

The Settec Alpha-DISC copy protection system used on the DVD contains user-mode rootkit-like features to hide itself. The system will hide its own process, but does not appear to hide any files or registry entries. This makes the feature a bit less dangerous, as anti-virus products will still be able to scan all files on the disk.

If you think your computer has been infected by this rootkit you can use the uninstaller from the manufacturers website to remove it again.

Besides the obvious threat that a rootkit poses many users claim that even standalone DVD players have troubles playing the DVD. I would advise you all to not buy this DVD and sent a clear message to the company so that they understand why the DVD is not selling as well as it could. I doubt anyone would be willing to purchase the DVD if they knew beforehand what it included.

Update: The uninstaller is no longer available. Settec on the other hand is still in operation.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Lucky Ruckerson said on February 19, 2006 at 5:07 am
    Reply

    “The technique had its flaws and was only working on windows but it still ment . . .”

    Great article, but broham, you gotsta use yer spelchek!

  2. Satish Bhardwaj said on February 15, 2006 at 6:14 pm
    Reply

    This rootkit issue is a desperation move on the part of music industry and its assoc. RIAA. They are doing all they can to stop the music piracy including getting court judgements against the offenders. There is a simple solution. It needs the financial backing of the music industry. No boy else will back up this move. I advocate the development of a system where the power of PC would be reduced to that of communication with the server. The browser will reside in server rather than in the PC. I can be reached by RIAA and the music industry at fakir005@aim.com if they want to provide the financial support. The music companies can do so by donating money outright or by buying pixels at my site and display their ads.

  3. Lobo Schmidt said on February 15, 2006 at 5:02 pm
    Reply

    Yeah, let’s NOT buy that DVD.

    Besides, the movie sucks anyway.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.