Archive for November, 2005

World of Warcraft Hackers Using Sony BMG Rootkit

November 3, 2005

Yep: by renaming their cheat files with the rootkit’s magic prefix, these hackers make the files invisible to Blizzard’s anti-cheat scanner, so the special WoW cheat prevention code never sees them.

Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD.

World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG’s content protection software can make tools made for cheating in the online world impossible to detect. The software–deemed a “rootkit” by many security experts–is shipped with tens of thousands of the record company’s music titles.

Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played. Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG’s content protection, which only requires that the hacker add the prefix “$sys$” to file names. Source: Security Focus.

So it’s hilarious … and relatively harmless. But this is exactly what security firms were afraid of: the cloak hides whatever is named to match it, not just Sony’s own files, so a cheat tool today and a piece of malware tomorrow can ride along under it … and who’s to say this is the last we hear of this?

Gone But Not Forgotten …

November 3, 2005

I’ve addressed the need for protecting your data by backing up or imaging your hard drive … but I haven’t addressed the need for really deleting your data.

When you delete a file, you don’t really remove the data from your disk … whether it’s a flash drive or a hard drive … all that happens is that the filesystem marks the directory entry and the file’s blocks as free. The bytes stay exactly where they were until something else happens to be written over them, which is why undelete tools work at all.

If you really want to destroy the data, you have to do a lot better.

Now, formatting the drive isn’t secure either … nor is an FDISK … a format rewrites only the filesystem structures and FDISK only the partition table, so the file contents are still sitting on the platters and you can still retrieve the information. What you need to do is overwrite the old data … at least once, preferably more than once. One caveat: overwriting only helps where you can actually reach the old blocks. On flash media the controller’s wear levelling may send your overwrite to a fresh block and leave the old one readable, so for a flash drive (or any drive you can’t fully overwrite) physical destruction is the only sure thing. I wonder how many people turn in old PCs for donation or sale not knowing just how much info could be recovered, if someone REALLY wanted to.

One way (not a good way, but it’s an example) is to defrag your hard drive … this moves data around on your hard drive and thus overwrites data. But, of course, it’s unpredictable as to which data get overwritten.
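Here is an added example (my own code, not from the page’s tools or from any product named below) that does deliberately what the defrag trick does by accident: overwrite a file’s blocks with random data, flush to the device, scrub the filename, then unlink. The file it wipes is a constructed sample created inside the demo. The comments spell out why this is a single-file, hard-disk trick and not a substitute for wiping a whole drive that is leaving your hands.

```python
import os
import secrets
import tempfile

# Added example (not from any of the tools discussed on this page).
# Overwrites a single file in place before deleting it. Limits, stated up front:
#  * it scrubs the blocks the file currently occupies; copies left behind by a
#    journaling filesystem, an editor's backup file, or the swap file are untouched;
#  * on flash media the controller's wear levelling may redirect the overwrite
#    to a fresh block and leave the old one readable, so this is a hard-disk trick.
# For a whole drive that is leaving your hands, use a boot-and-wipe tool instead.

CHUNK = 64 * 1024


def overwrite_file(path, passes=3):
    """Overwrite every byte of `path` with fresh random data, `passes` times.

    Each pass is flushed and fsync'd so the data reaches the device instead of
    sitting in the page cache. Returns the total number of bytes written.
    """
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                written += n
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return written


def secure_delete(path, passes=3):
    """Overwrite `path`, replace its name with a random one, then unlink it.

    The rename matters: the old name would otherwise survive in the directory
    entry and tell an investigator what used to be there.
    """
    written = overwrite_file(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    scrubbed = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, scrubbed)
    os.unlink(scrubbed)
    return written


def demo():
    """Constructed walkthrough on a throwaway file; returns what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secret.txt")
        payload = b"account 12345678 pin 4321\n" * 40   # constructed sample, 1040 bytes
        with open(path, "wb") as fh:
            fh.write(payload)

        first = overwrite_file(path, passes=1)
        with open(path, "rb") as fh:
            after = fh.read()          # same length as before, but the secret is gone

        rest = secure_delete(path, passes=2)
        return {
            "bytes_written_first_pass": first,
            "bytes_written_total": first + rest,
            "size_unchanged": len(after) == len(payload),
            "content_changed": after != payload,
            "file_gone": not os.path.exists(path),
            "dir_empty": os.listdir(tmp) == [],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as a script and it reports each step on the sample file; the design choice worth noting is the fsync after every pass, because without it a later pass can simply replace the earlier one in the cache and only one write ever reaches the disk.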

Here are some other solutions (not in any particular order and I am not specifically recommending any):

Darik’s Boot and Nuke (open-source)
WipeDrive (WhiteCanyon Software)
cyberCide (CyberScrub)

Just remember: the BTK killer would NOT have been caught if he hadn’t been foolish enough to re-use a floppy disk … authorities recovered previously deleted data from the disk that pointed to Dennis Rader. In terms of BTK, this is a good thing, of course, but it shows that the rest of you need to be careful with your important data as well … you wouldn’t want some hacker picking up your data, would you?

Captcha at Yahoo! Email

November 2, 2005

I use Yahoo! email for just about everything. Mostly because I am an SBC DSL customer and thus I get some perks … like the ability not just to receive email from other POP3 accounts but also to send email using my other accounts’ addresses. Thus, I use Yahoo! email for my domain name’s email, because that way I have the email on the Web and don’t have to worry about switching from PC to PC (and Outlook Express to Outlook Express).

Well, Yahoo will OCCASIONALLY use Captcha to verify you. Now, I understand that this is used to prevent spamming, but I’ve had it happen 3 – 4 times and the last time it happened it gave me an image I thought was ridiculous. The first time, I missed it, and despite what it said … I lost the email … which was a real pain. The second time I got this image, which I still thought was ridiculous … but managed to guess the right value.

Give me a break, will you? All I was doing was sending an email to my friend … only ONE email address … I am still NOT sure what triggers this Yahoo! response, but it’s a pain, that’s for sure.

Sony Makes Some DRM Concessions …

November 2, 2005

It appears Sony … kind of got the message. The big flap over the DRM on their current music CDs has caused them to introduce a patch that removes the rootkit (cloaking) features of the copy protection. Note what is being removed: the cloak, not the copy protection itself.

Sony BMG Music Entertainment and a technology partner are working with antivirus companies on a fix for a potential security problem in some copy-protected CDs.

Earlier in the week, security experts said that anticopying technology used by Sony BMG could be adapted by virus writers to hide malicious software on the hard drives of computers that have played one of the CDs. The antipiracy tool is included on many of Sony BMG’s latest music releases, from Van Zant to My Morning Jacket.

More details at News.com.

It’s a nice step, but unfortunately I would categorize it as a first step. Why? Files are still being installed on my computer without my knowledge. It’s not even in the EULA. What I’d like is for the installer to say … “hey, I’m going to install x, y, z. You may not like it. If you don’t want it, click Cancel, but you won’t be able to play this CD on your PC.” That would be acceptable. What I can’t stand is stuff being done in the background.

Adding an External Hard Drive (the Hard Way)

November 2, 2005

Adding an external hard drive the EASY way would be to just buy an external HD and attach it to a USB port (or Firewire, but these days it’s mostly USB 2.0).

The hard way … buy your own enclosure and HD, hook them up and attach it to a USB port.

Doesn’t sound THAT hard. But in my case …

I found a Maxtor 300 GB HD on sale (with rebate) for $89.99. I found a nice looking aluminum external enclosure for about $30. I also received a rebate of 4% from one of my rebate sites (MrRebates or Fatwallet, can’t recall which). Or I could have purchased a 250 GB HD for $149 + tax. I’d never tried this before (I’d hooked up new internal drives, though) so I thought it would be easy.

Well, first thing I did after getting the parts was hook up the drive to the real hardware of the enclosure … the part that had the USB hardware + the power connection and IDE port … and I noticed the HD was making a clunking noise when I powered it up. Uh, oh.

Connected it, and as I figured, nothing. HD was bad. Sigh. Returned it (they gave me a credit of $8 for shipping and it cost me $7.80 for shipping and insurance … whew).

All right, just got the new HD. Hooked it up. No clunking. Put things together. Oops, I screwed everything in but did not put the panel on top (side) of the enclosure. Unscrew things. Let’s try it again.

All right, connect it to the PC. It’s recognized. Open up Windows Explorer. Hey, where is it?!

I figured I knew what it was, but I wasn’t 100%. I opened up Disk Management (Start, Settings, Control Panel, Administrative Tools, Computer Management, Disk Management). I could see the drive, but no drive letter and no partition. A brand-new drive shows up there as unallocated space: no partition, hence no drive letter, hence nothing for Explorer to show. Figured it was the missing partition that was screwing it up.

Well, I’d never partitioned a HD in XP. I actually had to look it up. I used the DiskPart command line tool … didn’t even know about this. After a) list disk, b) select disk 2 (2 in my case … be very careful here, because every later command acts on whatever disk is selected, and picking the wrong number wipes out the partition table of a drive you wanted to keep), c) create partition primary, I could see in Disk Management that the partition was there, but still no drive letter.

Right clicked on it … and voilà, I could NOW select a drive letter. (DiskPart’s assign command would have done the same thing, but the right-click is easier.)

Now all I have to do is format it … then comes the fun part … hooking it up to the Linksys NSLU2 NAS device I have already purchased. I might wait until tomorrow for that one!

Digital Rights Management Gone Wild

November 1, 2005

I really respect Mark Russinovich. His Sysinternals website is a dream for tech geeks like me. There is a lot of useful software and information available for free. For example, I use RootkitRevealer, PsTools and Process Explorer all the time.

I was shocked when I read the following article:

Mark Russinovich was doing a routine test this week of computer security software he’d co-written, when he made a surprising discovery: Something new was hiding itself deep inside his PC’s guts.

It took some time for Russinovich, an experienced programmer who has written a book on the Windows operating system for Microsoft, to track down exactly what was happening, but he ultimately traced it to code left behind by a recent CD he’d bought and played on his computer.

More details at News.com.

Here’s what Russinovich found that’s really scary: with the copy protection rootkit loaded, Windows will deny the existence of any file, directory, process or registry key whose name begins with “$sys$.” He verified this by making a copy of Notepad named “$sys$notepad.exe,” which promptly vanished from Explorer. RootkitRevealer still saw it, because it compares what the Windows API reports with what is actually on disk and in the registry; that discrepancy is what tipped him off in the first place. The cloak is not limited to Sony’s own files, so any hacker who can gain even rudimentary access to a Windows machine “infected” with the program can hide anything he wants under the “$sys$” prefix, and any scanner that trusts the Windows API will not see it.
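To make the mechanism concrete (for this post and for the WoW cheating one above), here is an added Python simulation. It is my own example, not Sony’s code and not Sysinternals’, and it only models the behaviour described: the cloak, which filters every name carrying the $sys$ prefix out of what the Windows API returns, and the cross-view check RootkitRevealer applies, comparing the API’s answer with the raw view and reporting whatever is missing. Only $sys$notepad.exe comes from Russinovich’s test; the cheat files, process and registry key names are constructed for the demo.

```python
# Added example: a simulation of the $sys$ cloak and of cross-view detection.
# Not the rootkit's code and not RootkitRevealer's; it only models the behaviour
# described above on constructed sample data.

CLOAK_PREFIX = "$sys$"


def is_cloaked(name):
    """True if any component of a path, process name or registry key begins with $sys$.

    Component-wise matching mirrors the description above: a directory named
    $sys$cheats hides everything underneath it, while "my$sys$file" is not hidden.
    """
    return any(part.startswith(CLOAK_PREFIX) for part in name.split("\\"))


def api_view(raw_entries):
    """What a normal caller of the Windows API (Explorer, Warden, an AV scanner) sees on an infected machine."""
    return [e for e in raw_entries if not is_cloaked(e)]


def cross_view_diff(api_entries, raw_entries):
    """Entries present in the raw (on-disk / in-kernel) view but absent from the API view."""
    visible = set(api_entries)
    return sorted(e for e in raw_entries if e not in visible)


def scan(views):
    """views: {category: (api_entries, raw_entries)}; returns {category: hidden entries}, empty if clean."""
    report = {}
    for category, (api_entries, raw_entries) in views.items():
        hidden = cross_view_diff(api_entries, raw_entries)
        if hidden:
            report[category] = hidden
    return report


def demo():
    """Constructed infected machine: Russinovich's renamed Notepad plus a made-up WoW cheat kit."""
    raw = {
        "files": [
            r"C:\WINDOWS\notepad.exe",
            r"C:\WINDOWS\$sys$notepad.exe",              # the test described above
            r"C:\Games\WoW\WoW.exe",
            r"C:\Games\WoW\$sys$cheats\speedhack.dll",   # constructed name
        ],
        "processes": ["explorer.exe", "WoW.exe", "$sys$speedhack.exe"],          # constructed
        "registry": [r"HKLM\SOFTWARE\Blizzard", r"HKLM\SOFTWARE\$sys$speedhack"],  # constructed
    }
    # The cloak is applied to every category; the raw view is what a tool that
    # reads the disk and registry hives directly would see.
    views = {cat: (api_view(entries), entries) for cat, entries in raw.items()}
    return scan(views)


if __name__ == "__main__":
    for category, hidden in demo().items():
        print(f"hidden {category}: {hidden}")
```

The point the simulation makes is the one in the post: the cloak checks nothing but the name, so the cheat kit and the renamed Notepad disappear from the API view exactly as Sony’s own files do, and only a tool that reads the raw view can report them.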

When I buy a CD, I don’t expect to have a rootkit installed on my PC, especially when the EULA does not mention it. There are things I don’t want on my PC. C-Dilla (remember the TurboTax activation debacle?) or StarForce (mostly used by games). I’ve always been careful with software and games, making sure I don’t “corrupt” my PC by installing extra software that never goes away. Looks like I will have to start doing the same with music I buy.