Sony CDs continue to cause controversy as an unrelated threat emerges, and black hats are ramping up for the holidays with a new instant messaging worm designed to trick more security-conscious users.
Details
It turns out that the rootkit disaster perpetrated by Sony in an effort to prevent users from actually playing the music on the CDs they purchased wasn't the only threat posed by CDs from Sony. Just when you thought it was safe to play holiday carols over the office network, a new malware threat has surfaced on even more Sony CDs.
The latest threat—caused this time by SunnComm Technologies' anti-copying software—is unrelated to the Sony BMG digital rights management malware, hidden by the company on millions of CDs released in early 2005 and reported by Mark Russinovich in November. But after someone wrote and distributed a worm to take advantage of the First 4 Internet malware discovered in nearly 5 million Sony BMG CDs, the Electronic Frontier Foundation decided to investigate other Sony CDs.
This is a serious threat—it can allow an attacker to gain complete control of a PC that merely played the CD. The new threat apparently only applies to CDs sold in the United States and Canada; Sony has posted a list of titles infected by the SunnComm MediaMax software threat.
While Sony has also posted a patch, I'd be a bit cautious about applying the fix right away. The first patch Sony released turned out to have a bug of its own, according to a Princeton computer science professor's blog. According to the blog post, an interesting aspect of this malware is that it installs "even if you decline the MediaMax license agreement."
Sony has purportedly fixed the patch, but at this point, my advice would be to just say no to playing any Sony CDs in your computer—stick to playing them in your vehicle's sound system!
In other news, that old adage, "A fool and his money are soon parted," has always applied to people who click links in e-mails and instant messages from strangers, but even these users are slowly catching on to the threats. Never ones to rest on their laurels, black hats have been quick to adapt.
A new IM worm, Myspace04, actually sports some built-in responses. Those responses can lull even somewhat cautious individuals into following a tempting link, thereby downloading a tool that disables security software and plants a backdoor on the system.
Now, I have nothing against IM. (OK, actually I do—I think it's stupid to permit IM in most business situations.) However, it can be useful if you're smart about how you manage it.
For example, I have, on occasion, used IM when working with some of my TechRepublic editors, but I've never published my address elsewhere, and I've never had more than two addresses in my approved contact list. Remember: The major threat from IM isn't the software but how people use it.
Finally, just as Hurricane Katrina spawned a flood of malware-loaded e-mails and instant messages, the season for malicious greeting cards is now upon us. Warn your users about this impending threat, but be prepared for a flood of infections just in case.
Final word
I've never understood why most companies refuse to place the proper blame when an employee brings down the corporate network because he or she just had to see a video of a naked teenage actress and clicked a highly suspicious link. When will organizations learn that their network is vital and that the only way to stop people from crashing it—not to mention incurring costs of billions of dollars each year from cleaning up malware—is to publish and enforce severe penalties for such dumb moves?
No sensible management would tolerate employees leaving alarms turned off or doors unlocked over the weekend. However, these same companies fail to appropriately discipline employees who actively invite malware into the network. Is it any wonder we continue to see networks brought to their knees by stupid employee tricks?
The latest Sony debacle shows once again that you can't be too paranoid. A month ago, I personally would have never given a second thought to playing a new brand-name music CD in an office computer—now I wouldn't even duplicate one for personal backup.
And isn't that interesting? Could it be that Sony planned this whole thing just to stop people from making backups of their favorite CDs by scaring them out of even putting CDs in their PCs?
Even those users who only made backups and ignored DRM threats will now be extremely cautious about putting any Sony CD in their PC. Could there be something even more sinister to this story than mere incompetence?
Also watch for…
- FrSIRT has announced a critical remote stack overflow vulnerability that can result in an Oracle 9i database XDB HTTP authentication exploit.
- A recent ComputerWorld article has defused some of the paranoia we all feel when we see a surge in port scanning. Apparently, a dramatic increase in port scans presages an attack in only about one in 20 incidents, according to a honeypot study performed by the University of Maryland.
John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.



