Rootkits!?!?! Created 18 years ago2005-11-06 11:40:11 UTC by fourthgen fourthgen

Posted 18 years ago2005-11-06 11:40:11 UTC Post #145696
Have any of you tried root-kit revealer? I did it and I came up with loads of real root-kits.

Also, does anyone own a Sony Music CD cos if you've played it on your computer they have installed a root-kit which grabs hold of your Drive. DO NOT ATTEMPT TO UNINSTALL IT MANUALLY. YOU WILL LOSE YOUR DRIVE.

If you don't care about security then ignore this thread.
Posted 18 years ago2005-11-06 11:42:13 UTC Post #145697
So what is a root-kit? From what you've said, it sounds bad! I'll stay away from Sony :)
Habboi HabboiSticky White Love Glue
Posted 18 years ago2005-11-06 11:49:09 UTC Post #145702
Well, basically it's a file that hides from the operating system permanently. It does this by changing the OS's file tables or summin which means that you can't see the file anymore.

Sony used this technology in their DRM system to stop people from bypassing the files. And now they are in big, big trouble with lots of people who didn't realise this was installed on their computer.

To get root-kit revealer go to http://www.sysinternals.com/Utilities/RootkitRevealer.html

Apparently Sony are coming up with a way to remove it. But beware there are other root-kits out there which are purposely malicious.

BTW. Even though the file's hidden it can still run itself. Which is why this could be so dangerous.
Posted 18 years ago2005-11-06 11:57:09 UTC Post #145704
Rootkits are pieces of very low-level malware which practically become part of the OS. It's a NIX term, in fact.

If there's one way to make Windows even worse, it's to let a load of programming morons who think DRM is a good idea change your OS.
Seventh-Monkey Seventh-MonkeyPretty nifty
Posted 18 years ago2005-11-06 12:00:40 UTC Post #145707
yeh, now I remember. It originated in UNIX where.......Can't remember but it was something to do with privileges or having root. Are we the only people worried about security?

PS. Run the scan and tell me what you get.
Posted 18 years ago2005-11-06 12:02:00 UTC Post #145708
My guess would be software which would artificially grant root privileges to a lower-level user? Just from the name :P.

Since only three people have posted so far, it's a bit early to say that nobody else cares.

Incidentally, I was relieved to find myself clean of all but three terminator-containing keys. I guess I should check them out, but they didn't look very serious, and can't be doing much on their own. This is exactly the kind of malware I always wondered and worried about. Only found that it existed when this story <did whatever big stories do>.
Seventh-Monkey Seventh-MonkeyPretty nifty
Posted 18 years ago2005-11-06 12:08:42 UTC Post #145710
I found a good definition
The term "rootkit" (also written as "root kit") originally referred to a set of recompiled Unix tools such as "ps", "netstat", "w" and "passwd" that would carefully hide any trace of the cracker that those commands would normally display, thus allowing the crackers to maintain "root" on the system without the system administrator even seeing them.

Generally now the term is not restricted to Unix based operating systems, as tools that perform a similar set of tasks now exist for non-Unix operating systems such as Microsoft Windows (even though such operating systems may not have a "root" account).
I mean........I wrote it up :sarcastic:
Posted 18 years ago2005-11-06 14:02:47 UTC Post #145737
I've been using Sony music CD's on Winblows 2k for a long time, and no rootkits. Although I primarily use Gentoo, so if I did have any rootkits on winblows I really couldn't give a shit. I've got no valuable data on there.
m0p m0pIllogical.
Posted 18 years ago2005-11-06 14:05:01 UTC Post #145739
When you say valuable...Does it mean Credit Card details because only a moron would save details like that...and call the file -

Hackersclickhere.doc

If they hack my computer, they are in for a surprise as I show them my gallery of disgusting pics.
Habboi HabboiSticky White Love Glue
Posted 18 years ago2005-11-06 14:34:16 UTC Post #145744
Hackersclickhere.doc
lol

m0p you sure you have no rootkits. Because no current anti-spyware/virus will show them. Not even rootkit revealer will get rid of them. So for all you know you could be loaded with rootkits.
(Unless you HAVE already scanned). :D
Posted 18 years ago2005-11-06 15:09:02 UTC Post #145760
Don't worry, m0p is super-1337; he doesn't need anybody's help.
Seventh-Monkey Seventh-MonkeyPretty nifty
Posted 18 years ago2005-11-06 15:11:10 UTC Post #145766
Well said, seventh :P
Luke LukeLuke
Posted 18 years ago2005-11-06 15:18:26 UTC Post #145771
Says a guy who hates Windows! :glad:
Habboi HabboiSticky White Love Glue
Posted 18 years ago2005-11-06 17:31:43 UTC Post #145795
Who doesn't hate windows?
Posted 18 years ago2005-11-06 17:36:17 UTC Post #145796
The funny thing is. This doesn't just affect Windows. The problem is there isn't any point for a hacker to hide a file on Mac or Linux because nothing can infect the OS.

I don't hate windows. If you all hate it so much why are you using it?
1. It's easy to use.
2. It's a great system for games.
3. It's great at multi-tasking (not as good as Linux but it's better than Mac)

I hate Sony though!
Posted 18 years ago2005-11-06 17:53:13 UTC Post #145801
The problem is there isn't any point for a hacker to hide a file on Mac or Linux because nothing can infect the OS.
Of course it can. You already quoted the history of the rootkit!
Seventh-Monkey Seventh-MonkeyPretty nifty
Posted 18 years ago2005-11-06 17:56:53 UTC Post #145803
My scan only found one that was 0 bytes and said 'Key name contains embedded nulls.'

Googled for a little while to check it out, but couldn't really find any info on it.

Great. Another thing to add to the security tango...

:|
Posted 18 years ago2005-11-06 18:08:06 UTC Post #145807
Same thing as mine. Something to do with null-terminated strings, I assume.
Seventh-Monkey Seventh-MonkeyPretty nifty
Posted 18 years ago2005-11-06 18:24:21 UTC Post #145812
It's great at multi-tasking
Uh, no it's not.
Posted 18 years ago2005-11-06 19:04:20 UTC Post #145816
From reading that website, they sound really bad! Something should be done! And I trusted SONY...
Habboi HabboiSticky White Love Glue
Posted 18 years ago2005-11-07 13:00:13 UTC Post #145922
Something should be done!
Yeah, you should ban yourself until you can stop spamming.
Posted 18 years ago2005-11-07 15:21:26 UTC Post #145957
No seriously Windows is the best at multi-tasking. Someone back me up. That's the one downside to Mac, it can't multi-task.
Posted 18 years ago2005-11-07 15:22:49 UTC Post #145958
I have a sony laptop! I'll bet my computer's loaded with those things. I'm not going to download that rootkit scanner program, it'll probably make me depressed. :(
Posted 18 years ago2005-11-07 16:47:47 UTC Post #145968
4thgen, no Windows sucks at multitasking, BSD is the superior for multitasking, and OS X is based on BSD. So by that logic, OS X must be good at multitasking, and if you disagree with me, I'll give you the technical info ;)
m0p m0pIllogical.
Posted 18 years ago2005-11-08 12:06:00 UTC Post #146030
Go on then m0p. Give me the "technical" info. I'm sticking with my view until you show me proof.
Posted 18 years ago2005-11-08 19:24:39 UTC Post #146121
duh duh duh dum...
Posted 18 years ago2005-11-09 07:28:18 UTC Post #146152
Apple Darwin (which is the OS X kernel) is a hybrid of the Mach microkernel, and the FreeBSD 5.x monolithic kernel as well as some proprietary programming from Apple. The bulk of the kernel is based on FreeBSD 5.x, although they've pulled components from Mach where FreeBSD 5.x lacks, such as the IPC (Inter-Process-Communication) and a few small components. FreeBSD is a very powerful kernel, and is used in many server environments, and even desktop/workstation environments. It's also widely popular in cluster-type environments, and SMP environments. With your non-existent knowledge of basic computing terms, I feel it necessary to explain to you what SMP means. SMP stands for Symmetrical Multi Processing. In order to take advantage of SMP, the kernel must be able to handle multiple threads, or "applications" in idiot speak.

I really don't think it's necessary to explain to you how BSD-based systems handle SMP and multiple threads, since:

A. I don't think you'd understand 1/10th of it, and...
B. I really don't have the time to explain to such a low form of life.

But I can gladly tell you that WindowsNT 5.x is pathetic at multithreading. Please don't argue with me, I've been using BSD for eight, count them EIGHT years and I've had more than enough experience with both Windows and BSD systems to know which one performs better in a variety of situations. If you want to argue, please get a copy of FreeBSD 5.3 (the basis of current Mac OS X systems), Windows 2003 (it's the latest released Windows NT kernel, and is the most scalable), a system that can handle many threads, and do some benchmarks whilst running some CPU hogging processes in the background.
m0p m0pIllogical.
Posted 18 years ago2005-11-09 15:42:49 UTC Post #146238
lol, Is that the only way you can express yourself? Through Violence?

I would normally prove you wrong here but I don't think it would help because:

1. You would not listen and come up with your own arguments
2. You sound like a prick

Anyway. I am very glad that you can count to eight. Please tell me if you look up any more acronyms in Wikipedia. It's always great to know how someone is doing.

So........anyone wanna go back to the topic. ROOT-KITS ?
Posted 18 years ago2005-11-09 17:05:04 UTC Post #146262
lol, Is that the only way you can express yourself? Through Violence?
get used to it, I can't see m0p changing anytime soon. Anyway, you asked for it. (the info)
YOU WILL LOSE YOUR DRIVE.
Are you talking about the data, or the drive itself? If you're talking about the drive itself, then you're dead wrong. You can just do a low-level and then a high-level format.
Posted 18 years ago2005-11-09 17:49:12 UTC Post #146263
4thgen, you sound like an 11yr old. I really don't think "prick" is a mature insult at all. Wow, all that spelling must've been difficult for your limited brain capacity to handle, did your daddy help you with it? :lol:
m0p m0pIllogical.
Posted 18 years ago2005-11-09 17:53:08 UTC Post #146264
Good comeback ;) Mop
Mop knows his stuff 4thgen, I can see you're trying to act like you know it all, trust me, I used to do it, but can't you just tell he knows a lot!? He seems to post a lot...So there's your answer...
Habboi HabboiSticky White Love Glue
Posted 18 years ago2005-11-09 17:56:53 UTC Post #146265
Wow, all that spelling must've been difficult for your limited brain capacity to handle, did your daddy help you with it?
Equally immature, m0p.. come on, you can do better than that!
Posted 18 years ago2005-11-09 18:00:12 UTC Post #146266
You can just do a low-level and then a high-level format
Dude, we're talking about a CD-ROM drive. Read the posts before you reply :P.
Seventh-Monkey Seventh-MonkeyPretty nifty
Posted 18 years ago2005-11-09 18:10:42 UTC Post #146269
Sorry m0p I take back my evil insults. It's just you get a bit out of hand sometimes.

By losing your drive I meant it disappearing from the OS. Yeh, sure, it's easy to get it back for us but there are tonnes of people who will just go in to delete the root-kit and get themselves into a lot of hassle.

Also, just because someone posts here a lot doesn't mean they automatically know everything. Just because someone knows what BSD is and can tell me what SMP is doesn't make them 1337 or all-knowing. It's about experience, and how long you have been in IT.

PS. I never said I was better than m0p. I just wanted to stick up for myself. m0p here's a tip: in future don't go into a full on war of words.
Posted 18 years ago2005-11-09 18:15:00 UTC Post #146271
I don't get out of hand, I just won't let people spread misinformation. Windows isn't great at multitasking. And that's final. :)
m0p m0pIllogical.
Posted 18 years ago2005-11-09 20:05:08 UTC Post #146276
Are you sure? Just because the machine runs slow because of all the other bugs and general stupidness of Windows does not mean that its design is not more efficient. On paper, in theory Windows is better at multi-tasking. In real life it may not be because of what I just said. If you are right then I will move over to a Linux Distro in the next 24/h because that was the only reason I was sticking on to Windows. That and all the compatibility issues. :biggrin:
Posted 18 years ago2005-11-09 20:36:29 UTC Post #146284
Linux is NOT Unix, nor BSD. Linux is just a very sloppy clone which tries to combine some SysV elements with BSD elements. Nothing can surpass the performance of a true Unix system.
m0p m0pIllogical.
Posted 18 years ago2005-11-09 22:29:21 UTC Post #146296
I have no idea what a rootkit is :aghast: ! Can someone fill me in?
Posted 18 years ago2005-11-10 00:00:35 UTC Post #146305
Read the 3rd post...
Posted 18 years ago2005-11-10 13:26:01 UTC Post #146392
I know what Linux is! I just happen to have a spare copy of suse lying around which is why I said I would switch.
Posted 18 years ago2005-11-10 14:00:21 UTC Post #146405
Pff, SuSE isn't great at all, one of my least favorite GNU/Linux distributions. Slackware (or Gentoo) eff tee dubya. ;)
m0p m0pIllogical.
Posted 18 years ago2005-11-10 15:36:17 UTC Post #146421
As I said I have a copy lying around. And it's not just about how good it is....... it's about an easy to use UI because other people use this computer too and I can't just leave them out. There's just something about Suse..................... : . I might dual boot with Gentoo for a while though. I can't say I have really tried it out fully.
Posted 18 years ago2005-11-10 22:39:17 UTC Post #146480
Most operating systems are fine for multitasking unless you're a speed freak or something...I can multitask fine on Winblows and Mac just the same.
RabidMonkey RabidMonkeymapmapmapfapmap
Posted 18 years ago2005-11-11 13:32:04 UTC Post #146622
Yeh, what I meant was in theory Windows should be better.
Posted 18 years ago2005-11-11 15:54:07 UTC Post #146652
No, I must correct you again. In theory, Windows is flawed, just as in practice, it's equally flawed.
m0p m0pIllogical.
Posted 18 years ago2005-11-11 16:09:52 UTC Post #146655
Please stop trying to outsmart each other, it's really pathetic. The Windows/Linux debate is getting old.

Anyway, back on topic;
I didn't know about root kits before this thread was created, and I'm appalled that a big company such as Sony would use such methods.

thx 4thgen for enlightening me on this.
Posted 18 years ago2005-11-12 05:41:36 UTC Post #146754
I agree with SriBous, let's just leave this argument where it is and move on.

Back On topic:

Sony yesterday said that they have now stopped manufacturing the CDs. In my view it is a bit late because around 27,000 CDs had their "Copy Protection" so a lot of people may have it. I'm not sure if I have told you this before.........but unfortunately the Rootkit technology is very flawed and has one VERY big hole in it which is very dangerous. ANY file which starts with the string $sys$ is rootkitted and just disappears. (but it can still run) This means that just about any junior "hacker" now has a great way to hide their viruses, spyware etc. That's the really appalling thing for me.

The moral of the story is..................

Don't buy Sony products.
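
Added illustration, not part of any post in this thread and not RootkitRevealer's code: a cross-view comparison of the kind such scanners rely on, flagging entries that exist on disk but are missing from the API listing (including names carrying the `$sys$` prefix mentioned above) and registry key names with embedded nulls like those reported earlier in the thread. All paths, key names and function names are constructed for the example, and the raw on-disk listing is assumed to have been obtained separately.

```python
# Added example: every path and key name below is constructed sample data.
CLOAK_PREFIX = "$sys$"  # prefix named in the thread

# Names returned by the normal enumeration API (the view a rootkit can filter).
API_VIEW = [r"C:\Windows\notepad.exe", r"C:\Windows\System32\drivers\disk.sys"]
# Names recovered by parsing on-disk structures directly (assumed available).
RAW_VIEW = API_VIEW + [
    r"C:\Windows\System32\$sys$example.exe",
    r"C:\Temp\$SYS$dir\module.dll",
    r"C:\Temp\odd.tmp",
]
# Registry key names as stored: counted UTF-16LE strings, not null-terminated.
RAW_KEYS = ["Software\\Vendor".encode("utf-16-le"),
            "Setting\x00hidden".encode("utf-16-le")]

def cross_view(api_view, raw_view):
    """List entries present in the raw view but missing from the API view."""
    seen = {p.lower() for p in api_view}  # compare case-insensitively
    findings = []
    for path in raw_view:
        if path.lower() in seen:
            continue
        # Check every path component, not only the file name.
        parts = path.lower().split("\\")
        cloaked = any(part.startswith(CLOAK_PREFIX) for part in parts)
        findings.append((path, "cloak-prefix" if cloaked else "hidden-from-api"))
    return findings

def embedded_null_keys(raw_keys):
    """Return (name as a null-terminated API sees it, stored length) pairs."""
    flagged = []
    for raw in raw_keys:
        full = raw.decode("utf-16-le")
        if "\x00" in full:
            flagged.append((full.split("\x00", 1)[0], len(full)))
    return flagged

if __name__ == "__main__":
    for path, reason in cross_view(API_VIEW, RAW_VIEW):
        print(f"{reason:16} {path}")
    for visible, stored_len in embedded_null_keys(RAW_KEYS):
        print(f"embedded-null    visible={visible!r} stored_chars={stored_len}")
```

A discrepancy between the two views is a lead to investigate, not proof of a rootkit: files created between the two listings show up the same way.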