Asian users not entirely safe from Sony 'rootkit'

Security experts warn Sony's copy-protection technology is not "language-specific" and can affect users in the region, particularly those who purchase CDs online.

Asian consumers of Sony BMG's 'rootkit' CDs may not escape unscathed from malicious hackers looking to exploit the loophole, warn security experts here.

Sony has come under fire for deploying a tool that uses rootkit techniques. Called XCP, the technology was deployed by the company as a copy-protection measure.

A rootkit is a form of Trojan that conceals itself and other files, such as registry keys and network connections, from detection. It can seize control of API (application programming interface) commands, and allow malicious hackers to gain root access to the user's computer.

After news broke that a Windows programming expert had discovered rootkits being installed on his computer by his Sony music CD, malicious tools that exploit Sony's XCP technology emerged on the Web.

In fact, 27 security threats related to the software have been submitted to Symantec's security response center so far, according to Yeong Chee Wai, Symantec Singapore's presales consulting manager. But none of the submissions currently originate from the Asia-Pacific region, he said.

At press time, Sony did not respond to queries about how, and if, users in the region would be affected.

The official word from Sony is that the software is embedded in 50 commercial titles. The company has stopped production of CDs with the technology, and Sony BMG said it will be recalling millions of CDs that contain the rootkit tool. Sony currently also faces lawsuits from several American and Italian organizations that are threatening to sue the company.

However, Charles Cousins, managing director of Sophos Antivirus Asia, warned that even if the CDs are not distributed in the region, users here may not be safe from the security flaws.

"There is always a possibility that somebody from Asia could easily order them over the Web from an American Web site," noted Cousins.

Yeong added: "Based on what the engineers have told us, the rootkit is not language-specific. So for all intents and purposes, if it were to be played in a computer in Asia, it would still function in the same way."

Cousins advised consumers to simply avoid inserting CDs that contain DRM (digital rights management) programs into their computers. In addition, they need to ensure their computers are automatically updated with the latest antivirus software.

Other measures that Symantec's Yeong advocates include turning off and removing unneeded, non-critical services such as an FTP server and telnet. These services are avenues that malicious hackers can exploit, he explained.

Turning off these options, he added, leaves attackers with fewer loopholes to manipulate and users with fewer services to maintain through patch updates.

Microsoft has also said it would update its security tools to identify and remove the rootkit component in XCP.