Sony Music CDs surreptitiously install DRM Trojan horses on PCs

Summary: Reports are beginning to turn up around the Web that discuss how certain CDs from Sony Music come with a Trojan horse-based digital restrictions management (DRM) technology that surreptitiously installs itself as a rootkit on Windows PCs.   When software surreptitiously installs a rootkit, it's usually doing so to cover its tracks -- a technique commonly associated with malware such as viruses and Trojan horses.

TOPICS: Malware

Reports are beginning to turn up around the Web that discuss how certain CDs from Sony Music come with a Trojan horse-based digital restrictions management (DRM) technology that surreptitiously installs itself as a rootkit on Windows PCs. When software surreptitiously installs a rootkit, it's usually doing so to cover its tracks -- a technique commonly associated with malware such as viruses and Trojan horses. Rootkits generally latch themselves onto the foundation or "roots" of an operating system in a variety of ways that prevent not only their detection, but also their extraction. According to Wikipedia's definition, "a rootkit is often used to hide utilities used to abuse a compromised system."

In a scary entry on his Sysinternals Blog posted yesterday (Halloween), Mark Russinovich provides an incredibly detailed account (with many screen shots) of how his testing of the latest version of RootkitRevealer (a utility for exposing any installed rootkits) led to his own shocking discovery -- that a rootkit had been surreptitiously installed on his own system. Wrote Russinovich of his surprise, "Given the fact that I’m careful in my surfing habits and only install software from reputable sources I had no idea how I’d picked up a real rootkit, and if it were not for the suspicious names of the listed files I would have suspected RKR to have a bug."

Upon further investigation, Russinovich traced the installation to his use of a Sony BMG music CD (Van Zant Bros. Get Right with the Man) that he purchased through Amazon. The CD's listing page on Amazon says the CD is copy protected, but makes no mention that the copy protection is enforced by way of surreptitiously installed software. According to some additional information regarding copy protection on Amazon's site:

This product limits your ability to make multiple digital copies of its content, and you will not be able to play this disc or make copies onto devices not listed as compatible. Content/ copy protected CDs should allow limited burning, as well as ripping into secure Windows Media Audio formats for playback with most compatible media players and portable devices. In rare cases, these CDs may not be compatible with computer CD-ROM players, DVD players, game consoles, or car CD stereos, and often are not transferable to other formats like MP3.

In rare cases? DVD players? Car CD stereos? Is Sony BMG nuts? This is another DRM trainwreck just waiting to happen. In the Berlind household for example, CDs are played exclusively through the central 6-disc DVD player that's a part of our whole-home theatre system. I can't imagine buying a CD only to learn it doesn't work.  By the way, have you ever tried to return a CD after you open it? (maybe the "R" in DRM should be for "Ripoff"?).

According to Russinovich, when played on a computer, the music can only be played using playback software that comes packaged with the CD (the implication is that usage of the media player is what resulted in the surreptitious installation of the rootkit). Near the end of his thorough investigation, Russinovich identifies at least one major problem that could result from Sony's employment of DRM in this fashion:

The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

Another question that comes to my mind is, given the way rootkits intercept certain system level functions, what will happen when some other music label uses a rootkit that's different from the one used by Sony BMG? For example, if I already have one rootkit on my system that's intercepting specific system level functions and another CD installs a different rootkit that attempts to intercept the same system level functions (essentially overwriting the first rootkit), will that interfere with my ability to listen to any of my DRM-protected CDs?

Russinovich isn't the only one who discovered the problem. ZDNet reader Barry Ritholtz pointed me to his own account (see DRM crippled CD: A bizarre tale in 4 parts) of an encounter with a DRM protected CD (also from Sony): Morning Jacket's Z. In his tale of DRM woe, Ritholtz points out another restriction that turned up with the CD's Digital Restrictions Management technology. In what I'll refer to as the third trainwreck of DRM, he can't transfer the music to his iPod (I suspect that the same barrier to transferring music to the iPod will also prevent transfer to a Microsoft PlaysForSure-compliant device, but am not sure). Ritholtz then discovers that the artists (Morning Jacket) aren't exactly on-board with this idea and points to their official statement regarding the application of DRM technology to their music:

We at ATO Records are aware of the problems being experienced by certain fans due to the copy-protection of our distributor. Neither we nor our artists ever gave permission for the use of this technology, nor is it our distributor's opinion that they need our permission. Wherever it is our decision, we will forego use of copy-protection, just as we have in the past. 

Z isn't the only band that's upset with the latest DRM developments. Last month, CNN reported how a member of the band Switchfoot, whose DRM-protected CD debuted at No. 3 on The Billboard 200, was equally disappointed. Said Switchfoot guitarist Tim Foreman, "We were horrified when we first heard about the new copy-protection policy.... It is heartbreaking to see our blood, sweat and tears over the past two years blurred by the confusion and frustration surrounding new technology."

Even more demonstrative of the control points afforded to any market leading or dominating solution, the CNN story goes on to describe how Sony BMG is aware of the problems when it comes to transferring music from its DRM-protected CDs to iPods and is "urging people who buy copy-protected titles to write to Apple and demand that the company license its FairPlay DRM for use with secure CDs." Even though Apple's FairPlay may not have a monopoly yet, the company is behaving very monopolistically, an issue I discuss in another blog entry that I posted today.

What's even more ironic about the application of copy protection to music CDs is how the record label is now providing a workaround to defeat it. In Part IV of his personal saga, Ritholtz provides the text of a workaround that was sent to him via email.  Of course, workarounds from the same people who applied the copy protection in the first place beg the question, why bother?  

In response, Ritholtz is apparently doing more than declaring inDRMpendence as I have been urging ZDNet's readers to do. He's taking the economic punishment I'm suggesting one step further by refusing to buy some of Sony's other products: namely a notebook and a big screen. Now if only the rest of us could follow suit....

  • Nice to see artists starting to rebel

    It's good to see some artists finally realizing what's being done in their names. You can bet that Switchfoot and their ilk will look to sign a very different contract next time around.

    Personally, I think these guys should be used as role models for artists in the music business:,1284,69403,00.html?tw=newsletter_topstories_html

    As for Sony--does this open them up to lawsuits as distributors of malware?
    tic swayback
  • But wait, it gets worse

    Have you seen the Halloween Document the MPAA are trying to push through Congress in an attempt to close the analog hole? Seriously, this is getting insane:
    And what might these MPAA-specified, government-mandated technologies do?
    They prescribe how many times (if at all) the analog video signal might be copied - and enforce it. This is the future world that was accidentally triggered for TiVo users a few months ago, when viewers found themselves lectured by their own PVR that their recorded programs would be deleted after a few days.

    But it won't just be your TiVo: anything that brings analog video into the digital world will be shackled. Forget about buying a VCR with an un-DRMed digital output. Forget about getting a TV card for your computer that will willingly spit out an open, clear format.

    Forget, realistically, that your computer will ever be under your control again. To allow any high-res digitization to take place at all, a new graveyard of digital content will have to built within your PC.

    Freshly minted digital video from authorised video analog-to-digital converters will be marshalled here and here only, where they will be forced to comply with the battery of restrictions dictated by Hollywood.

    A commentary can be found here:
    Hollywood has fielded a shockingly ambitious piece of "Analog Hole" legislation while everyone was out partying in costume. Under a new proposed Analog Hole bill, it will be illegal to make anything capable of digitizing video unless it either has all its outputs approved by the Hollywood studios, or is closed-source, proprietary and tamper-resistant. The idea is to make it impossible to create an MPEG from a video signal unless Hollywood approves it.
    This is like the Broadcast Flag on steroids. The Broadcast Flag only covered TV receivers. This covers everything with an analog video input. If this had been around in 1976, the VCR would have been illegal. Today, it would ban Mythtv, every tuner-card in the market, and boxes like ElGato's eyeTV the Slingbox and the Orb and the vPod. This is a proposal to turn huge classes of technology into something that exists only at the sufferance of the studios.

    And what do they suffer? Not much. Here are a couple of the stupid ideas we can expect to see protected through rules like this, all drawn from real discussions with DRM lobbyists from the MPAA:

    1. You can "accept a contract" by changing the channel. If you change the channel from 3 to 4, and the show on channel 4 has a signal that says it can't be recorded, then by watching channel 4, you're "making an agreement" to waive your time-shifting right in exchange for the show. This is like a shopkeeper hiding a "I reserve the right to punch you in the nose" sign somewhere in his shop and then randomly clobbering his customers, answering any complaints by saying that you agreed to it when you came through the door.

    2. Everything with value has a price-tag. Today you can rewind TV, fast-forward it, skip the ads, move it to another device in your house, or stream it to your web-browser on the road. Tomorrow all of these features will only exist if they are permitted, on a case by case basis. The studios will "enable the business-model" of charging you money for the stuff that you get for free today. Here's a quote: "Doing this stuff has value, and if it has value, we should be able to charge money for it." They do indeed have value: you currently enjoy that value. Under this proposal, the value will be stolen from you and sold back to you piecemeal.

    Now, will this solve any problems? Don't be ridiculous. There are literally tens, if not hundreds of millions of products in the market today that don't obey the rules the studios want to embed in their video. If just one of those devices gets access to the video, then poof, it's on the Internet. In other words, you won't need to own a free and open digitizer card to get access to digitized video: you'll just need to own Internet access.

    So what problem does this solve? In the parlance of the studios, this will "keep honest users honest." Which is to say that if you're someone who only wants to go on doing all the perfectly legal things that you can do with video today -- watch, store, time-shift, space-shift, format-shift -- then you will be prevented from doing so without permission.

    However, if you're someone who actually wants to infringe copyright by downloading video from the Internet, this will have zero effect on you. This is not a proposal to protect copyright -- this is a proposal to bootstrap Hollywood's limited monopoly over who can copy its movies into an unlimited monopoly over the design of devices capable of copying its videos.

    Any lawmaker who supports this is an idiot. Americans will forgive a lot of sins from their elected representatives, but there's one thing they won't stand for and that's breaking their TVs. Watch this space for information on how you can contact your congresscritter and make sure s/he gets the message.
    tic swayback
    • your blog well researched and thought out

      i can only add one thing, in addition to the congresscritters, i would add to it "and don't forget the senatetation workers either
  • I would think...

    That since the EULA does not mention the trojan, nor is there an uninstaller provided that any lawyer who wanted to pursue this could easily win a class-action lawsuit...and this is coming from a person who normally abhors lawsuits. This is just going too far. This goes beyond reasonable means and amounts to a corporation purposefully installing viruses on computers and misleading customers about it by not including it in the EULA.

    I think the simple solution is that we all need to just look for other entertainment. The music industry has pretty much done everything they can to tell us not to buy music. Perhaps we should just give up on trying to get them to listen to us, start listening to them, and stop buying music.
    • Arrest the person responsible

      And lock them up. That's what happens to others who'd pull a stunt like this. Is there Anti-Virus signatures for this? If there isn't soon then maybe a class action lawsuit against the anti-virus companies.
    • Just make recordings on cassette tapes from the audio output.

      Then make a CD or MP3 from the tape.
      Update victim
      • They Want To Plug The Analog Hole Also

        And they are starting the process to buy some new laws on Thursday to make it illegal for you to even tape anything...

        See Tic's post
        Edward Meyers
        • Just curious: why is your handle hyperlinked?

          And why doesn't it take me anywhere, dangit?
          Jeff Spicoli
          • Because ZDNet is incapable of managing their own technology

            How many weeks has it been since the talkbacks actually worked
            correctly, or were up for more than a few hours at a time? Note the
            poster below who seems to have posted the same thing 4 times.
            tic swayback
      • read story closer

        some of the trojans they are working on would put a stop to that too.
  • So who's getting criminally charged here

    If I were to start distributing trojans and rootkits you can bet I'd have the cops kicking my door and dragging me off to a jail cell.

    Who at Sony will be going to jail for this?
    • Yup

      too bad we won't see much more than the "oops" response.
      IT Scion
      • Hmmm,

        Doesn't the whole kicking in doors and arresting people begin with somebody filing a criminal complaint in white collar crimes like this one?

        Just curious on the fine points of the law since it's obvious that the end user isn't told that uninstallable software is going to be installed on their system and that software is stealthed and it can cause harm to your system if removed. That sounds like your basic piece of malware to me. Why doesn't somebody who has been infected file a criminal complaint and let the FBI deal with Sony.
  • What, no comment by No Ax yet

    Saying how we are all crying a bunch of pirates and that DRM is great, M$ is great, get a clue, etc.

    Seriously this is a big problem and the only way it will stop is if consumers refuse to buy into it.
    • I'll definitely avoid Sony CDs

      In fact I'm not buying any. How do I know other creeps in the other big music Labels aren't hacking my PC when I play my music.
      • I enjoy buying many cd's today...

        I have refused to buy any DRM'd CD up to this point.. Now it's DRM'd and Sony cd's :P

        Just great.. Thanks for limiting my collection RIAA.. My next step will be to stop buying movies I guess..
      • Forget about Sony CDs.. What about...

        [b]In fact I'm not buying any. How do I know other creeps in the other big music Labels aren't hacking my PC when I play my music.[/b]

        ...Sony VAIO computers...? Are they now gonna come preinstalled with rootkits and other malware as "standard" equipment? Or are they gonna just wait until you insert one of their infected CDs until it gets installed
  • It gets much, much worse - rootkit can disable your PC!

    Read it and weep:
  • Here Come The Lawsuits

    This is a crock if I ever heard it, installing software on your own machine that screws with its ability to play music.

    This is just as bad as Gator corp slamming adware down people's throats without their knowledge.

    I hope Sony gets so mired down in court from lawsuits and so many artists leave their label that they'll go out of the music business.
    • Hardly

      [i]I hope Sony gets so mired down in court from lawsuits and so many artists leave their label that they'll go out of the music business.[/i]

      That's not likely. But there's no reason to not expect their sales to slump... and right at the busiest shopping season of the year, no less.

      As for me, the "SONY" brand has just become a deal killer here. No more CDs (prerecorded and blank), electronics, movies, nothing.

      I'm sure that No-Ax person will be along soon to tell me that Sony will never miss my lost purchases, and he/she will most likely be right.

      But you have to resist in any fashion you can, and so it is.
      Hallowed are the Ori