Caution SONY Music CDs have trojan Malware

  • Thread starter Sony Music CDs install Malware

Sony Music CDs install Malware

Sony said:
Dustin said:
I'm still wondering what problems your feeble little mind is possibly
capable of either solving or assisting in solving. You have got to be
one of the dumbest little shits I've ever come across on usenet. You
know, back in my Raid vx days; I didn't encounter people as mouthy
and ignorant at the same time as you've been the last few days. Not
even on irc. Even the fucking aolers had more brains than you.
Christ. When I get a chance to meet morons like you, it brings back
fond memories of vxing. You're such an ignorant shit. Callin me a liar,
tellin me I don't know shit about viruses. I've written many, I would
think I know a fucking thing or two about them. What's the name of any
you've written, you dumb shit?

I've long since retired from vxing, and forgotten many of the
routines; But I still suspect what I forgot is more than you're ever
going to learn. You're not shit. You're never going to be shit. heh.. You
fuckin lamer. My God... And to think I spent days trying to defend
myself, to some stupid little blowhard like you. HAHAHA...

Regards,
Dustin Cook
http://bughunter.atspace.org

Justin:

Actually, Relic is right ['usually is]. I think you followed the
thread wrong.

And I just posted the reply to Justin wrong

--

Beware SONY Music CDs.
They contain "viewers" that are actually
rootkit like malware that are near impossible to
remove.
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://www.techdirt.com/articles/20051101/1514209_F.shtml
 

Sony Music CDs install Malware

Geo said:
Dustin said:
To remove it is a matter of cleaning up the files, there's really no
need to play cat and mouse with it if you don't boot the host OS.
bartpe is a nice time saver. Once the files are gone, you can run
regedit from bart and mount the software hive, remove the offending
keys, unmount the hive, and reboot to the host OS. Windows will reset
your cdrom access back to its own default drivers. If you have
burning software, you may need to reinstall it to re-enable burning
features.

And you think this is 'straight forward and easy', I've got no idea
what you're talking about, I don't even know what a 'hive' is let
alone how to [un]mount it !!!!

Geo:

"hive" - He's making references to the Windows registry. "mount" means to
make available to the running software [usually an operating system] for
use. Windows usually detects and mounts hard disks etc. automatically. Some
systems require the user to specifically command that a disk etc. gets
mounted. A BART [Bootable Antivirus and Recovery Tools] CD, is a bootable CD
that enables you to make fixes to the system without booting it from
Windows. "keys" refers to Windows registry keys. "host OS" is your Windows
operating system. "burning software" refers to software that burns [creates]
CD-R discs such as roll-your-own music CDs or a copy of another CD.

--

Beware SONY Music CDs.
They contain "viewers" that are actually
rootkit like malware that are near impossible to
remove.
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
http://www.techdirt.com/articles/20051101/1514209_F.shtml
 

James Egan

And you think this is 'straight forward and easy', I've got no idea
what you're talking about, I don't even know what a 'hive' is let alone
how to [un]mount it !!!!

You can pick it up easily enough from regedit help which tells you the
locations of the registry hive files. Editing with (bartpe) regedit is
simply a matter of selecting one of the files and loading it to a
temporary name of your choice. Edit using regedit in the normal way to
make the changes and unmount it simply by clicking on
File->Unload_Hive.


Jim.
 

James Egan

Dustin is Wrong 1. That's not 'easy' removal Dustin. That's skilled removal by
someone who knows the system and registry very well as well as some of the
tools that are available.

Actually, he did say "aside from a general end user not knowing how to
boot from a cd such as a bart disc, or knowing how to use the registry
editor" before saying it was easy. With those qualifications, it *is*
easy.

Dustin is Wrong 2. And it is an infestation if special tools are needed for
a removal.

You won't find many (if any) in acv agreeing with that definition of
malware "infestation".


Jim.
 

Dustin Cook

Towelie said:
Dustin - so don't buy Sony. Your choice. Why use the issue to try to
prove your perceived intellectual superiority over others? Inferiority
complex? Can't handle being contradicted?

What in the world are you talking about? I'm not trying to prove any
superiority, I'm simply wanting some individuals who should know
better, like the register, from reporting inaccurate information, that's
all.

Virus writers: idiots who think they're clever cos they can write 3
lines of javascript.
Virus writers who loudly claim "credit" for their supposed creations:
even bigger idiots.

javascript? Kiddo, Mine were exe/com infectors. I don't need to claim
credit, I'm already published by name in virusbulletin, damn near 6
years ago.

People who claim to be virus writers when they obviously are not, then
use this imaginary "skill" to present themselves as smarter than
everybody else: the biggest idiots of all.

When they are obviously not? Sigh. I don't know how to make this any
simpler for you, I am Raid; I am a former well known virus writer. Why
in the hell would anybody claim to be this individual of all people, if
they were not? If you were a coder, you could see for yourself.
BugHunter is a legitimate application, but all programmers like bomb
makers have a certain signature. You'd find the coding style used on
BugHunter matches the coding style used on viruses and other malware
(war dialers, etc) written by Raid (me).

Did I just hear a virus writer calling somebody "lamer"? Now that's
very funny indeed. Why do people stick with writing viruses? Because
it's so ridiculously easy. Doesn't even require any coding skills or
understanding of programming techniques whatsoever. So obviously anyone
who trumpets his own virus-coding skills doesn't have any.

Indeed. If you're writing scripts, like javascript. :) I don't.
Incidentally, you don't read so well; I'm retired. Have been for a very
long time now. Aside from maintaining contact with some old friends on
both sides, I have nothing to do directly with the Vx scene. My
interests are in malware removal, not its creation.

BTW anyone who thinks the Sony DRM thing is an issue needs to google
"NSA key".

I do not feel the sony thing is that big of an issue. It's sneaky, but
something similar was already released on the new foo fighters. It
just didn't make such an effort to hide itself.

Regards,
Dustin Cook
 

Dustin Cook

James said:
Actually, he did say "aside from a general end user not knowing how to
boot from a cd such as a bart disc, or knowing how to use the registry
editor" before saying it was easy. With those qualifications, it *is*
easy.

heh. Hi James. Long time. :)

You won't find many (if any) in acv agreeing with that definition of
malware "infestation".

Nope.. He sure won't. Laugh Laugh. Poor slob doesn't know what a virus
even is. Nor a rootkit, nor a worm. Sony's amusing little program
doesn't meet the criteria of any of them.

Regards,
Dustin Cook
http://bughunter.atspace.org
 

Art

I do not feel the sony thing is that big of an issue. It's sneaky, but
something similar was already released on the new foo fighters. It
just didn't make such an effort to hide itself.

I thought it was the lack of an uninstall that was the big issue. Has
that been fixed? If a typical consumer/user is faced with having to
pay an expensive repair bill to have (possibly buggy) sw removed from
his PC, I'd say it's a big deal indeed.

Other issues such as continual added overhead (cpu/RAM usage) are
perhaps minor issues which most wouldn't consider a big deal nowadays
.... providing they are minor.

Art

http://home.epix.net/~artnpeg
 

Gabriele Neukam

On that special day, Dustin Cook, ([email protected]) said...
Nor a rootkit, nor a worm. Sony's amusing little program
doesn't meet the criteria of any of them.

I've seen it being named "rootkit" (behaviour) on a reputable German
site, the heise newsticker (something like register for Germans). They
used this term a bit loosely, because the original version was meant to
hide all processes and threads from the system, that begin with $sys$

That isn't exact science, of course, just meant to alert the readers
about this scumware.


Gabriele Neukam

(e-mail address removed)
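
Added example, not part of any post in this thread: a cross-view check that compares a file listing taken from the running system with one taken after booting from a CD such as BartPE, and reports entries that only the offline view shows. It assumes hidden file names carry the `$sys$` prefix mentioned above; the listings and file names are constructed samples.

```python
"""Cross-view check: entries visible offline but missing from the live listing."""
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # prefix named in the post above

# Constructed sample listings (not real captures). LIVE is what the running
# system reports; OFFLINE is the same volume listed after booting from CD.
LIVE = r"""
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\drivers\cdrom.sys
C:\Program Files\Player\readme.txt
"""
OFFLINE = r"""
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\drivers\cdrom.sys
C:\WINDOWS\system32\drivers\$sys$example.sys
C:\WINDOWS\system32\$SYS$examplefolder\helper.exe
C:\Program Files\Player\readme.txt
C:\pagefile.tmp
"""

def parse(listing):
    """Map a lower-cased key to the original path (Windows names ignore case)."""
    lines = (line.strip() for line in listing.splitlines())
    paths = (PureWindowsPath(line) for line in lines if line)
    return {str(p).lower(): p for p in paths}

def is_cloaked(path):
    """True if any component of the path starts with the cloaking prefix."""
    return any(part.lower().startswith(CLOAK_PREFIX) for part in path.parts)

def cross_view(live, offline):
    """Return (cloaked, other): offline-only paths, split by prefix match."""
    live_map, off_map = parse(live), parse(offline)
    missing = [off_map[k] for k in sorted(off_map.keys() - live_map.keys())]
    cloaked = [str(p) for p in missing if is_cloaked(p)]
    other = [str(p) for p in missing if not is_cloaked(p)]
    return cloaked, other

if __name__ == "__main__":
    cloaked, other = cross_view(LIVE, OFFLINE)
    for p in cloaked:
        print("hidden, matches prefix:", p)
    for p in other:
        print("offline only, review:  ", p)
```

Entries in the second list are not necessarily hidden; files created between the two listings also land there, so they are reported separately for manual review.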
 

Dustin Cook

Art said:
I thought it was the lack of an uninstall that was the big issue. Has
that been fixed? If a typical consumer/user is faced with having to
pay an expensive repair bill to have (possibly buggy) sw removed from
his PC, I'd say it's a big deal indeed.

Not the uninstall per se, just the fact the program makes an active
effort to conceal some of its files it needs. Of course, Sony didn't
tell anybody they intended to install this wonderful little program.
That probably irked most users.

Regards,
Dustin Cook
http://bughunter.atspace.org
 

Dustin Cook

James said:
You can pick it up easily enough from regedit help which tells you the
locations of the registry hive files. Editing with (bartpe) regedit is
simply a matter of selecting one of the files and loading it to a
temporary name of your choice. Edit using regedit in the normal way to
make the changes and unmount it simply by clicking on
File->Unload_Hive.

I'm beginning to think after reading/responding to the posts in the
last few days, The people have only gotten dumber since I retired;
certainly not wiser. Dumb and mouthy...Stupid is as stupid does as they
say. They don't read before hitting post, they don't check "help" at
all, They don't do any background checking before they claim you don't
know this or that. They are helplessly stupid individuals.


Regards,
Dustin Cook
http://bughunter.atspace.org
 

bughunter.dustin

relic said:
Didn't I just tell you to **** off?

And that's supposed to get what kind of response, exactly? Am I
supposed to fear you or something, kiddo? Non coding little fucktard, I
fear nothing. Instead of telling people to **** off, fucktard, you
should try answering their questions. It certainly doesn't help your
credibility you dumb shit. I can't decide if dumb shit or fucktard
suits you better. Keep posting, I'll figure it out. :)

Where's your big bad trolling friends now you halfwit? Heh... Lurking,
saving face? Bring it, motherfuckers, bring it. - Dope :)


Regards,
Dustin Cook
(That's Raid you Relic bitch)
http://bughunter.atspace.org
 

Damian

Dustin said:
I'm beginning to think after reading/responding to the posts in the
last few days, The people have only gotten dumber since I retired;
certainly not wiser. Dumb and mouthy...Stupid is as stupid does as
they say. They don't read before hitting post, they don't check
"help" at all, They don't do any background checking before they
claim you don't know this or that. They are helplessly stupid
individuals.


While your self-analysis is spot-on, don't be so hard on yourself.

Er... on second thought, with all that self-loathing, why don't you just go
neck yourself?
 

bughunter.dustin

Damian said:
While your self-analysis is spot-on, don't be so hard on yourself.

Your trolling skills are wearing a bit thin. If you go too much lower,
I'll need my nephew. He's 5. He would know more about rubber/glue crap
than I remember. Seems his skills and yours are about the same tho. I'm
not sure, I think he might outsmart ya. :)

Regards,
Dustin Cook
http://bughunter.atspace.org
 

Dustin Cook

Sony said:
Dustin is Wrong 1. That's not 'easy' removal Dustin. That's skilled removal by
someone who knows the system and registry very well as well as some of the
tools that are available.

Another poster already pointed out the sheer ease in which someone
could remove the sony material. I appreciate the compliments tho. I
don't share the concept. I don't believe what I laid out is only for
those who are skilled. If you think that's skill, then I'm sorry for
you.

Dustin is Wrong 2. And it is an infestation if special tools are needed for
a removal. A while-the-system-is running Reg key delete and file delete is
simple removal .. what you are describing is not .. what you are describing
is removing a diseased infection.

Nobody in alt.comp.virus would agree with that. You need to learn what
infection is.

Regards,
Dustin Cook
http://bughunter.atspace.org
 

Art

Not the uninstall per se, just the fact the program makes an active
effort to conceal some of its files it needs. Of course, Sony didn't
tell anybody they intended to install this wonderful little program.
That probably irked most users.

I see Sony has offered a remover:

http://cp.sonybmg.com/xcp/english/updates.html

The other concern I've seen has been the security vulnerability
issue, which Sony, of course, disclaims. Also, I have no idea how real
or valid this might be, but the fear is that if a user is hit with
another root kit the resulting low level conflicts will render the PC
unusable. If this is true, it would seem we're heading for eventual
legislation banning so-called cloaking technology.

Art

http://home.epix.net/~artnpeg
 

Dustin Cook

Art said:
I see Sony has offered a remover:

http://cp.sonybmg.com/xcp/english/updates.html

The other concern I've seen has been the security vulnerability
issue, which Sony, of course, disclaims. Also, I have no idea how real
or valid this might be, but the fear is that if a user is hit with
another root kit the resulting low level conflicts will render the PC
unusable. If this is true, it would seem we're heading for eventual
legislation banning so-called cloaking technology.

Yes. That's what bothers me. The cloaking technology per se isn't bad.
What happens if I'm using a modified copy of VNC, and It doesn't appear
in task manager? This "rootkit" nonsense would make it illegal.

Art, refresh my memory if you don't mind. Didn't we used to call
applications that hid their presence, stealth? When did this rootkit
terminology replace that?

Regards,
Dustin Cook
http://bughunter.atspace.org
 

Art

Yes. That's what bothers me. The cloaking technology per se isn't bad.
What happens if I'm using a modified copy of VNC, and It doesn't appear
in task manager? This "rootkit" nonsense would make it illegal.

Art, refresh my memory if you don't mind. Didn't we used to call
applications that hid their presence, stealth? When did this rootkit
terminology replace that?

I don't think stealth has been replaced by root kit and cloaking. The
old stealth viruses are still stealth viruses, for example. I suppose
one might consider root kits as a subset of stealth malware just as
some view worms as a subset of viruses. But that's just my impression.
I don't recall seeing a terminology discussion/debate on that subject
here.

Art

http://home.epix.net/~artnpeg
 
