November 17, 2005
Gay Scat, Nylons & Sony: The Evil of Stealth Software
As you probably know, Sony is busy backpedaling from a boneheaded decision to use a secret form of digital rights management software on its CDs. As the London Free Press explains, "This anti-copying software would automatically install on a user's computer when the music CD was inserted in a computer disk drive. ...The application was designed to install at a 'root' or system level and be disguised so it could not be found by normal means. Also, the computer user would need to read the entire user agreement and understand the wording in order to have any awareness of the application and how it would operate.
"Second, the media player Sony used with the CDs would send the Internet protocol address of the user's computer and their listening habits back to Sony -- without notice to the user. As if that wasn't enough to create a public relations problem, the application could be co-opted by a hacker. Designed to hide a legitimate objective (preventing unauthorized copying) it could also be used to hide other objects, including malicious code taking advantage of the Sony technology. It did not take long for an exploit to appear."
Insert Scream-like expressions of horrified PR execs here.
What's interesting about Sony's stupid move (aside from reminding us of the age-old truism that companies are perfectly happy to mislead their customers when it suits them) is how much it mirrors the common, sleazy tactics of so many Internet bottom feeders. My PC was hijacked recently thanks to an unknown person in Odessa and Integrated Search Technologies, which appears to specialize in software that both forces itself upon consumers and downloads third-party software PC users haven't requested.
The hijack happened because I wondered why this blog (and others) got a slew of trackback spam that promoted mainstream branded products (including autos from Ford and Toyota and phones made by Nokia) along with the usual collection of links to gay scat (who knows?), casino and big boob sites. So I followed a trackback link to a faux Nokia 7280 review at mobile-nokia.info/ nokia-7280-high-fashion-lipstick-phone while recklessly using IE (Firefox is my usual choice).
Quicker than you can say foolhardy, a security warning appeared on my screen and asked if I wanted to install and run something from Integrated Search Technologies (IST). The answer was no no, a thousand times no but the evil scum who engineered this particular piece of marketing madness didn't care what I wanted. The first gray box was replaced with another: "Click YES to have access now."
The bottom of the IE window said it was “installing components…ysb_regular.cab” so I shut down the PC. When I restarted, a file called download.xxx was sitting on the desktop. After I deleted the program, I used Firefox (under my settings, it should *not* allow a web site to download or install software without my permission, although I did allow JavaScript) to go back to the site and saw this: “Applet Installer Applet started.” In a panic, I unplugged the PC. Later I turned off JavaScript in Firefox and went back to the site. No problemo.
The WHOIS registry lists an Odessa address as the registrant behind the faux Nokia wonderland that hijacked my PC but he or she is not the power behind the sneaky software. According to DOXdesk, that dubious honor belongs to IST, which provides ysb_regular.cab or the ISTbar, “an IE toolbar, homepage- and search-hijacker.”
DOXdesk is wildly helpful in explaining how it works: “Installed by ActiveX drive-by download on affiliate sites; typically porn in the case of XXXToolbar, from April 2003. An ‘aggressive’ downloader is usually used: if you refuse the download, a JavaScript alert complains that it won’t take no for an answer and opens the download window again.” In my case it didn't open the download window again; it simply downloaded the program despite my frantic attempts to stop it.
According to DOXdesk, all versions of this corrupt bit of coding "also install other third-party software which includes advertising." This is not the worst part, though. The worst part is this: the software “can download and execute arbitrary unsigned code from its controlling server. This is used both to update the software and to install third-party software.”
IST describes itself as "a leading Internet marketing solutions provider, specializing in effectively targeting valuable customers at the moment they are most interested in a particular product or service. IST targets the customers through several different delivery methods such as highly effective toolbars and plugins available for Internet Explorer." Plenty of folks would disagree with that description, including those who've filed a complaint with the FTC against the company.
Until recently, I would never have compared companies like IST and Sony but now I do. Smooth move, Sony. You gotta wonder why this behavior is legal for Sony, for Integrated Search Technologies or for any other company or individual. Regulators, are you listening?
Posted by Deborah Branscum at November 17, 2005 02:42 PM