OMI
11-18-2005, 05:51 PM
I know I saw another post that mentioned this... Below came from our IT folks in the sky...
...
7.0 (U) Technical Overview for IT Professionals:
7.1 (U) Sony BMG bundles copyright protection software made by First 4 Internet called XCP-Aurora. This software is installed when a user attempts to play a protected CD in a computer. Although the user is expecting to install a music player, the user is actually prompted to install the copyright protection software. The software consists of several pieces of low-level software that have the ability to monitor and hide from the operating system. The software installs a device driver that will hide any file or process that begins with $sys$. Several Trojans are now actively taking advantage of this cloak.
7.2 (U) XCP-Aurora does not provide an uninstall feature. If a user tries to manually remove the software, the system will become unstable. The software is also forced to launch in safe mode.
7.3 (U) XCP-Aurora also has vulnerabilities in the driver, which runs with the highest privilege level and would allow an attacker to perform privilege escalation. This vulnerability will result in memory corruption that will allow attackers to execute code in kernel mode. This allows an attacker to take full control of an exploited machine.
Hmmmmm
Not nice....
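As an added, constructed example (not code from the original post or from the advisory it quotes), the Python below models the $sys$ name-prefix cloak described in 7.1 and shows the two checks a defender would run against it: a cross-view diff of the OS-level listing against an independent enumeration, and a canary file carrying the prefix. The "raw" view here is plain os.listdir on a clean machine, an assumption of this example; on an infected host it would have to come from a path the driver does not hook, which this example does not implement.

```python
import os
import tempfile

# Name prefix the XCP driver filters out of the OS view, per the advisory above.
CLOAK_PREFIX = "$sys$"


def cloaked_listdir(path):
    """Models the infected system's view: the driver drops every entry whose
    name begins with CLOAK_PREFIX before the listing reaches user mode.
    This is a simulation of the described behaviour, not the real driver."""
    return [n for n in os.listdir(path) if not n.startswith(CLOAK_PREFIX)]


def raw_listdir(path):
    """Stands in for an independent enumeration that bypasses the hook
    (on a real host: parsing the volume's on-disk structures directly).
    Assumption for this example: plain os.listdir on a clean machine."""
    return os.listdir(path)


def cross_view_diff(path):
    """Cross-view detection: anything present in the raw view but absent
    from the OS-level view is being hidden from the operating system."""
    return sorted(set(raw_listdir(path)) - set(cloaked_listdir(path)))


def canary_test(path):
    """Cheap field check: create a harmless file whose name carries the
    prefix and see whether the OS-level view still shows it. A cloak that
    keys purely on the name prefix will hide it. Returns True if hidden."""
    name = CLOAK_PREFIX + "canary.txt"
    with open(os.path.join(path, name), "w") as f:
        f.write("canary\n")
    return name not in cloaked_listdir(path)


def demo():
    """Constructed sample directory: two ordinary files plus one cloaked entry.
    Returns (hidden entries found by cross-view diff, canary result)."""
    with tempfile.TemporaryDirectory() as d:
        for n in ("readme.txt", "$sys$cloaked.dll", "music.mp3"):
            open(os.path.join(d, n), "w").close()
        hidden = cross_view_diff(d)   # -> ["$sys$cloaked.dll"]
        return hidden, canary_test(d)  # -> (["$sys$cloaked.dll"], True)


if __name__ == "__main__":
    print(demo())
```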