Extended Copy Protection


Extended Copy Protection (XCP) is a software package developed by the British company First 4 Internet (which changed its name to Fortium Technologies Ltd on 20 November 2006) and sold as a copy protection or digital rights management (DRM) scheme for Compact Discs. It was used on some CDs distributed by Sony BMG and sparked the 2005 Sony BMG CD copy protection scandal; in that context it is also known as the Sony rootkit.

Security researchers, beginning with Mark Russinovich in October 2005, have described the program as functionally identical to a rootkit: a computer program used by computer intruders to conceal unauthorised activities on a computer system. Russinovich broke the story on his Sysinternals blog, where it gained attention from the media and other researchers. This ultimately led to a civil lawsuit and criminal investigations, which forced Sony to discontinue use of the system.

While Sony eventually recalled the CDs that contained the XCP system, the web-based uninstaller was investigated by noted security researchers Ed Felten and Alex Halderman, who stated that the ActiveX component used for removing the software exposed users to far more significant security risks, including arbitrary code execution from websites on the internet.

The version of this software used in Sony CDs is the one marketed as "XCP-Aurora". The first time a user attempts to play such a CD on a Windows system, the user is presented with an EULA; if they refuse to accept it, the CD is ejected, and if they accept it, the software is installed. The EULA did not mention that it installed hidden software. The software then remains resident in the user's system, intercepting all accesses of the CD drive to prevent any media player or ripper software other than the one included with XCP-Aurora from accessing the music tracks of the Sony CD. No obvious way to uninstall the program is provided. Attempting to remove the software by deleting the associated files manually will render the CD drive inoperable due to registry settings that the program has altered. However, it was soon discovered that the software could be easily defeated by merely using a permanent marker to draw a dark border along the edge of the disc.


Wikipedia