ICANN remains master of Internet domains—for now

ICANN received a last-minute reprieve at the World Summit on the Information Society last week and will keep its control over Internet domains. Meanwhile, SonyBMG didn't fare as well, as a recent Trojan kept its surreptitious rootkit in the spotlight. Get the details about both stories in this edition of the IT Locksmith, and get the best of the rest of recent security news.

The Internet Corporation for Assigned Names and Numbers (ICANN) received a last-minute reprieve at the World Summit on the Information Society, when the Bush administration agreed to the creation of a new U.N.-based discussion group. Meanwhile, SonyBMG continues to try to weather the fallout from its surreptitious copy protection rootkit, as conditions grow more stormy with the emergence of a Trojan horse that uses that rootkit to take over PCs.

Details

A last-minute compromise proves that the U.S. government understands the vital importance of keeping the Internet as free as possible. That agreement, signed by the Bush administration last week, took ICANN off the auction block at the World Summit on the Information Society, held in Tunisia.

While ICANN will continue its role of approving new top-level domains (TLDs), setting minimum prices for domain names, and overseeing a dispute-resolution process for domain names, the agreement also calls for the creation of a U.N. "Internet Governance Forum." The new U.N. forum will have no regulatory powers; instead, it will serve as a venue for ongoing discussions about Internet management.

Early reports are a bit confusing because a U.N. organization with a very similar name is far from new, but the important point is that ICANN is still standing—for now. The last compromise, which occurred three years ago, put off discussions until this year's conference.

This is a very big deal, if not particularly unexpected—the Bush administration, and therefore the U.S. State Department, had vowed to fight the growing international demand that ICANN give up control of the Internet. Not surprisingly, Microsoft, Google, and other high-tech companies backed the administration's position.

In addition to the very real fears of censorship, many had major concerns that the cost of registering a URL would rise. (I currently pay $16 a year, including URL forwarding and more.) Certainly, having the U.N. in charge would not have made new registrations easier.

One reason the United States simply can't ignore the demands for changes—including a move from Latin-alphabet-only TLDs—is that countries such as China could elect to configure their own country- or region-specific Net, essentially setting up a competing, and incompatible, Internet. To learn more about the summit, check out this interview with Ambassador of Bureau of Economic and Business Affairs David Gross, head of the U.S. delegation.

Meanwhile, SonyBMG's infamous digital rights management rootkit has resulted in at least one Trojan horse (Ryknos), which takes over PCs "infected" by the SonyBMG music software. In the wake of the threat—and the fact that Sony made removing the malware a complex, difficult process that often requires dreaded contact with a corporate help desk—Microsoft has already announced upgrades for its Windows AntiSpyware and Malicious Software Removal tools to deal with the dangerous rootkit infection. (I'm waiting for Microsoft to get back to me with details on this.) Symantec has already posted a Ryknos removal tool, which also appears to remove the underlying cause—the First4 rootkit infection.

Sony and First 4 Internet, the U.K.-based vendor of the rootkit copy protection software used on the CDs, apparently still don't get it. According to a News.com story, when announcing the malware removal code, First 4 Internet's CEO told the press, "We want to make sure we allay any unnecessary concerns." That doesn't sound to me as if he understands that his company produced a dangerous piece of software.

As of November 17, several days after reports surfaced of a Trojan taking advantage of the SonyBMG malware, First 4 Internet's home page still contained no mention of the problem or any fix. In fact, if you search the site for "rootkit," you'll get no results.

Even drilling down several layers to the press releases showed that the company isn't responding: The last posted press release is from August, and it focuses on the problem of putting copy-protected music from the DRM-protected CDs onto an iPod. The company offers to e-mail a workaround for any iPod users who feel confident enough in the vendor's code.

Final word

A class action suit against SonyBMG is already in the works, and if I'd been dumb enough to run something with DRM code on my office system, I'd certainly be joining. What do you think? Is this the death of efforts to enforce licenses on music CDs? It certainly gives a boost to all the online music services.

My question is whether Sony will face prosecution for planting dangerous malware on computers. Is there a law that specifically addresses this sort of thing? If not, when will Congress get off its collective duff and pass some serious and carefully thought-out high-tech crime laws that can protect us?

Although flawed, the U.K.'s 1990 Computer Misuse Act may apply. It will be worth watching to see if the Welsh creator of this DRM software undergoes prosecution for selling the code to Sony that leaves computers open to attack.

Meanwhile, Sony has announced a new VoIP service. So, what's your take on downloading free software from Sony to get VoIP? Post your thoughts in this article's discussion.


Also watch for …

  • Hacker group Elhacker.net reported that Google's popular, free Gmail e-mail system, until recently, contained a serious bug that could allow spammers and others to easily access any Gmail account. Elhacker withheld publication of the exploit until after Google patched it, which it did on October 18.
  • Apparently trying to strengthen the security of its database software, Oracle recently bought out two privately held security firms, Thor Technologies and OctetString. In September, Oracle bought Siebel Systems, a sure sign that the rapid consolidation in the software industry that's seen many well-known vendor names disappear is continuing, and maybe even accelerating. (Although the U.S. Department of Justice has approved the proposed $5.85 billion acquisition, the deal still requires approval from the European Union, which will likely come soon.)

John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.