Be Careful Windows Users


F-Secure confirms rootkit-like copy protection with Alpha-DVD

Posted by Seán Byrne on 16 February 2006 - 00:00 - Source: Techworld


Just recently, we reported on news about the Alpha-DVD software copy-protection used by a few DVDs causing issues with DVD burning applications on some systems without the protected disc loaded. F-Secure has looked into this and confirms that the utility uses rootkit-like activity to hide its process. Unfortunately, like the XCP copy protection Sony BMG used, it is possible with just a few lines of code to make use of Alpha-DVD's stealth functionality to hide processes on the system. The only difference is that it only hides its processes, but not its registry keys or files, so it is possible for AV products to remove it from the system.


Like Sony BMG's XCP, Alpha-DVD's copy protection does not offer any uninstallation feature. F-Secure also warned that hiding anything from users, especially administrators, only helps create security vulnerabilities. On the other hand, Alpha-DVD was quick to release an uninstall tool on their website, which allows concerned users to remove its copy protection from their computer until they finish working on their upgrade patch.


Like most malware, this copy protection system has been designed in such a way as to make the user unaware that it has been installed. For example, it disguises itself with names similar to system files, attaches itself to some function calls to hide itself (even from 3rd party process viewers) and uses a different executable file name upon each installation. It has a file size of 827,392 bytes and identifies itself with "MS Corp." as its manufacturer. Interestingly, its EULA claims that its copy protection has been approved by Microsoft! Despite this sophisticated copy protection system, its disc does not use CSS, which means that it can be played back legally in Linux, not to mention being harmless to both Linux and Mac users. However, it does use bad sectors as a 2nd level of copy protection. Thanks to mrdataNY who used our news submit to let us know about the following news:


A popular movie DVD has been discovered using rootkit-like copy protection, anti-virus company F-Secure has revealed.


The German DVD of Hollywood blockbuster Mr and Mrs Smith, released on 24 January, contains copy-protection software called Alpha-DVD, according to news organisation Heise, which first reported the issue. The disc will not play on Windows PCs unless the software is installed. Alpha-DVD contains user-mode rootkit-like features that hide its own process, according to F-Secure.


The discovery comes not long after the controversy over similar features found in copy-protection software on CDs distributed by Sony BMG. Rootkits are used by intruders to maintain persistent access to a system, while keeping malicious processes hidden.


Some further info can be read on F-Secure news here and heise online here.


While Sony BMG’s use of rootkits has caused widespread unwanted publicity of the problems it has caused, apparently it looks like other companies are taking a risky gamble by also trying out similar technology in a hope that no one will discover their copy protection. However, it looks like anyone risking to deliver unwanted Malware-like software without an uninstallation feature is just asking for trouble.


mrdataNY added: This is technology at its worst. No one should be allowed to put anything on your system without your expressed approval


Here is the Link:

