Microsoft releases Sony rootkit patch

The latest monthly update to the Windows Malicious Software Removal Tool adds detection and deletion for "F4IRootkit," Microsoft's name for the invisibility tool Sony BMG added to 52 of its music albums, and placed on more than 5 million CDs.

In early November, a security researcher disclosed that Sony BMG was using the rootkit -- usually deployed only by hackers and spyware makers -- to hide the XCP copy-protection software built by First4Internet. The rootkit, said the researcher, posed a substantial security risk, since attackers could use it to hide their malicious code from anti-virus and anti-spyware defenses.

Previously, Microsoft added detection for the rootkit to its Defender anti-spyware software, but the reach of the Malicious Software Removal Tool is broader, since it's automatically downloaded by the Redmond, Wash.-based developer's update services.

Security bulletin MS05-054 also included a Sony BMG tidbit. That patch for Internet Explorer sets the "kill bit" for older editions of the ActiveX control left in place after First4Internet's original rootkit uninstaller was used. Setting the kill bit, said Microsoft, prevents the ActiveX control from running.

"Older versions of this control have been found to contain a security vulnerability," Microsoft said in the bulletin.

Microsoft has often recommended setting kill bits in the Windows Registry as a temporary solution to software vulnerabilities, but the practice has been denigrated by some experts as crude. Bit like saying Katrina was a bit windy and wet.

I accept that hardly anyone knew/knows this or indeed cares, but if you aren't running automatic updates, you may wish to pop along to the Microsoft Update page and get yourselves 'patched up'.

Cue deluge of Linux geeks and Mac maniacs... :D

Forgot to add:

Genius DNS hacker Dan Kaminsky designed a research project that has produced a count of the number of networks that have been infected with the malicious rootkit Sony distributed with its audio CDs: over 500,000 networks contain at least one infected machine. Some of these are governmental and military networks.
To which I would say 'PWN3D?' :D

Link to everything you could ever wish to know about Sony's little games is here
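As an added example (not from the original post, and not Microsoft's or Sony's own code), here is a PowerShell audit of the kill-bit mechanism the MS05-054 note relies on: IE refuses to instantiate a control whose "Compatibility Flags" value under the ActiveX Compatibility key has bit 0x400 set. The post does not give the First4Internet control's CLSID, so the CLSID below is a placeholder; the function names are my own.

```powershell
# Added example: audit and, if requested, set the Internet Explorer "kill bit"
# for an ActiveX control (the mitigation MS05-054 applies to the old
# First4Internet control). The CLSID at the bottom is a PLACEHOLDER.
# Writing to HKLM requires an elevated prompt. On 64-bit Windows, 32-bit IE
# reads the same key under HKLM:\SOFTWARE\Wow6432Node\..., so audit both views.

$KillBitFlag = 0x400   # Compatibility Flags bit that blocks instantiation in IE
$CompatKey   = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-KillBitState {
    param([Parameter(Mandatory)][string]$Clsid)
    $key   = Join-Path $CompatKey $Clsid
    $flags = 0
    if (Test-Path $key) {
        $item = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($item) { $flags = [int]$item.'Compatibility Flags' }
    }
    [pscustomobject]@{
        Clsid   = $Clsid
        Flags   = $flags
        Hex     = ('0x{0:X}' -f $flags)
        KillBit = (($flags -band $KillBitFlag) -ne 0)
    }
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $CompatKey $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # OR the kill bit in so any other compatibility flags already set survive.
    $flags = (Get-KillBitState $Clsid).Flags -bor $KillBitFlag
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
    Get-KillBitState $Clsid
}

# PLACEHOLDER CLSID: replace with the control's CLSID from the vendor advisory.
$clsid = '{00000000-0000-0000-0000-000000000000}'
Get-KillBitState $clsid
# To apply the mitigation from an elevated prompt:  Set-KillBit $clsid
```

A kill bit only stops IE from loading the control; the DLL itself stays on disk, which is why the article pairs it with the removal tool rather than treating it as a full fix.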
