RIAA takes copy protection to a new extreme...

Pyro Pilots Lounge. For all topics *not* covered in other DBB forums.

Moderators: fliptw, roid

MD-2389
Defender of the Night
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS
Contact:

RIAA takes copy protection to a new extreme...

Post by MD-2389 »

The Register wrote:A new Beastie Boys' CD called "To the Five Boroughs" (Capitol Records), is raising hackles around the Web for reputedly infecting computers with a virus.

According to a recent thread at BugTraq, an executable file is automatically and silently installed on the user's machine when the CD is loaded. The file is said to be a driver that prevents users from ripping the CD (and perhaps others), and attacks both Windows boxen and Macs.

The infected CD is being distributed worldwide except in the USA and UK, which prevents us from giving a firsthand report. However, according to hearsay, we gather that the Windows version exploits the 'autorun' option, and that the Mac version affects the auto play option.

On Windows, when a CD is loaded, a text file called autorun.inf is read, and any instructions within it are executed. In this case, the machine is instructed to install some manner of DRM driver that prevents copying. We haven't seen either the .inf file or any of the executables, so we can't say how or at what level it accomplishes this - or if indeed it actually does accomplish this.

But assuming that the unconfirmed reports are accurate, we have here a media company infecting users' machines silently with a file that affects a computer's functionality, without first obtaining informed consent: a likely violation of pretty much every jurisdiction's anti-hacking laws. It's possible to foresee criminal charges being brought at some point: after all, having a good reason for spreading malware has never been much of a defence in court. And a file that alters a computer's functioning without the owner's informed consent is the very definition of malware. Because this malware can be transferred from machine to machine on a removable disk, and requires user interaction to spread, it is, quite simply, a computer virus. (A worm, on the other hand, is distinguished by its ability to spread without user interaction.)
CD virus protection

Let's look at the ways this autorun business can be defeated. It's quite easy to disable autorun in Windows by holding down the Shift key when loading a CD. Unfortunately, this has to be done each time the CD is played. However, it's easy to insert the CD once with the Shift key depressed, and then simply rip the tracks to the hard disk. You can then use the CD in other devices, and listen to your corresponding MP3s or whatever on your computer.

You can also disable the autorun "feature" on your Windows machine permanently so that this and other CDs infected with viruses won't affect you in the future.

To do this, go to the Start menu ==> Run, and type in the command regedit. Your registry editor will launch. Navigate to the following key, and edit as shown:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom and set Autorun DWORD=0

It might be necessary to create the value, thus: Data Type: DWORD Value Name: Autorun Value: 0

As usual, you must reboot your Windows box for the changes to take effect.
Disinfection

The above procedure assumes that you haven't previously installed the suspected Capitol Records virus, or a similar one from another fine entertainment conglomerate. But if you have, you will need to find and uninstall the malware first. The autorun.inf file on the CD will likely indicate the name of the relevant file(s), the locations where they're installed, and any registry changes made.

Armed with that information, go to the Windows 'uninstall' utility:

Start menu ==> Settings ==> Control Panel ==> Add or Remove Programs ==> Change/Remove.

Look for any program files referenced in the autorun.inf file and uninstall them. If no related programs are listed, you will need to launch the Windows Search Companion and search for any files named in the autorun.inf file and delete them manually. Be sure to activate the options in the "more advanced features" dialog allowing you to search the entire disk (search system folders, search hidden folders, and search subfolders).

Now, a word of caution: if the Capitol Records virus has updated a library file or driver, deleting it might affect your system's functioning, and you might need to re-install Windows to put things right again. (Carefully log the time needed to do this and include it in your criminal complaint.) However, deleting a foreign executable file is safe, so long as it's not one you actually need. So be careful about file name spellings so that you don't accidentally delete an important file that's spelt similar to the one you wish to be rid of. ®
the link

And they wonder why people aren't buying CDs.... :roll:
User avatar
CDN_Merlin
DBB_Master
DBB_Master
Posts: 9781
Joined: Thu Nov 05, 1998 12:01 pm
Location: Capital Of Canada

Post by CDN_Merlin »

Couldn't we sue them for screwing with our systems?

I mean they are directly infecting our systems with a piece of software that interfers with it's operation. Thats almost borderline hacking.
MD-2389
Defender of the Night
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS
Contact:

Post by MD-2389 »

Its also a direct violation of the digital millenium copyright act IIRC. How ironic. ;)
User avatar
Tetrad
DBB Alumni
DBB Alumni
Posts: 7585
Joined: Thu Nov 05, 1998 12:01 pm
Location: Dallas, TX

Post by Tetrad »

CDN_Merlin wrote:Couldn't we sue them for screwing with our systems?
From what I've heard, an EULA pops up saying that you give them the right to install said drivers. If that's the case, then no.

I really do want to see another case where somebody gets sued for holding down the shift key.
User avatar
Vindicator
DBB Benefactor
DBB Benefactor
Posts: 3166
Joined: Mon Dec 16, 2002 3:01 am
Location: southern IL, USA
Contact:

Post by Vindicator »

I first heard about this a while ago, when a similar anti-copy scheme was put onto a music CD. That one prompted the user to agree with its terms of service when the disc was inserted, and if they clicked yes then it installed the anti-copy junk. A college student discovered that it could be bypassed entirely by disabling autorun and wrote a paper about it, and the music industry threatened legal action against him. :lol:

edit: Tet beat me to it.
User avatar
Tyranny
DBB Defender
DBB Defender
Posts: 3399
Joined: Sun Nov 10, 2002 3:01 am
Location: Phoenix, Arizona

Post by Tyranny »

uh...

If you're dumb enough to leave autorun on in the first place you deserve to be infected :P I haven't allowed autorun to work since....ever.
MD-2389
Defender of the Night
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS
Contact:

Post by MD-2389 »

Tyranny wrote:uh...

If you're dumb enough to leave autorun on in the first place you deserve to be infected :P I haven't allowed autorun to work since....ever.
Not everyone finds autorun annoying Tyr. Furthermore, not many people know how to turn it off in 2000/XP.
User avatar
Lothar
DBB Ghost Admin
DBB Ghost Admin
Posts: 12133
Joined: Thu Nov 05, 1998 12:01 pm
Location: I'm so glad to be home
Contact:

Post by Lothar »

Autorun is a pain to turn off in XP. I still haven't found out how to disable it for when I connect my USB drive...

But I'm not worried, anyway -- what kind of loser buys Beastie Boys CD's? :P
User avatar
Vertigo 99
DBB Fleet Admiral
DBB Fleet Admiral
Posts: 2684
Joined: Tue May 25, 1999 2:01 am
Location: Massachusetts
Contact:

Post by Vertigo 99 »

Beastie Boy's new CD looks "ill" - can't say I've heard more than one song off of it though.

And what's wrong with the beasties? heh
User avatar
AceCombat
Owned by Timex
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

arent they encrypting CD's now, with hidden "Sounds"......

ive downloaded a hand ful of songs only to find them about 1:00 into the song.....the music fades out...a Phone System Error Tone ( you know that 3 tone annoying POFS Signal when you dial a D/C Number ) squeals in.....goes away.. 10 seconds later the music fades back in.
User avatar
Vindicator
DBB Benefactor
DBB Benefactor
Posts: 3166
Joined: Mon Dec 16, 2002 3:01 am
Location: southern IL, USA
Contact:

Post by Vindicator »

AceCombat wrote:arent they encrypting CD's now, with hidden "Sounds"......

ive downloaded a hand ful of songs only to find them about 1:00 into the song.....the music fades out...a Phone System Error Tone ( you know that 3 tone annoying POFS Signal when you dial a D/C Number ) squeals in.....goes away.. 10 seconds later the music fades back in.
Thats intentional tampering by the RIAA to keep people off Kazaa. Its also why I quit using Kazaa and turned to other, better means. *cough*
User avatar
AceCombat
Owned by Timex
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

i dont use Kazaa so :P :lol:
User avatar
Capm
DBB DemiGod
DBB DemiGod
Posts: 2267
Joined: Thu Nov 05, 1998 12:01 pm
Location: Topeka, KS
Contact:

Post by Capm »

Thats why you pass the audio through an analog filter before recording it, you can't get encryption through that.
User avatar
AceCombat
Owned by Timex
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

Capm wrote:Thats why you pass the audio through an analog filter before recording it, you can't get encryption through that.
can ya find me a copy of Drowning Pool, Step-Up
User avatar
Kyouryuu
DBB Alumni
DBB Alumni
Posts: 5775
Joined: Fri Apr 30, 1999 2:01 am
Location: Isla Nublar
Contact:

Post by Kyouryuu »

More food for thought.
Slashdot wrote:A music windfall promised to WA public schools and libraries from last year's $143M anti-trust settlement with the recording industry wasn't all it was cracked up to be. While WA got 115,241 music CDs out of the deal, folks aren't quite sure what to do with the odd collection, which includes 387 CDs containing explicit lyrics by Big Pun, 310 copies of Will Smith's Willenium and 48 copies of Spooky Scary Sounds for Halloween from Martha Stewart.
Remember that, the next time you think about buying a music CD.
User avatar
AceCombat
Owned by Timex
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

remember that post on the old DBB, about some company was being funded to experiment with CD/DVD Media made from Corn..........


it would degrade its chemical composition eachtime the LASER read the disc
User avatar
Krom
DBB Database Master
DBB Database Master
Posts: 16138
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Contact:

Post by Krom »

But you only need to read it once. Technoligy like that would be utterly useless for copy protection.
User avatar
roid
DBB Master
DBB Master
Posts: 9996
Joined: Sun Dec 09, 2001 3:01 am
Location: Brisbane, Australia
Contact:

Post by roid »

this what you talking bout ace? (if that is your real name ;))

i just looked around trying to find where in win2K you can turn off autoplay. i couldn't find it!
so i'll just poop on the registry. thx MD.
User avatar
kurupt
DBB Fleet Admiral
DBB Fleet Admiral
Posts: 2506
Joined: Wed May 17, 2000 2:01 am
Location: Clinton, Ohio

Post by kurupt »

AceCombat wrote:i dont use Kazaa so :P :lol:
you might not use kazaa my small minded compadre, but that doesn't mean the file you downloaded didn't originate from it.
User avatar
Tyranny
DBB Defender
DBB Defender
Posts: 3399
Joined: Sun Nov 10, 2002 3:01 am
Location: Phoenix, Arizona

Post by Tyranny »

Autorun isn't hard at all to turn off in 2K/XP (Was one of the first things I googled when installing those operating systems), and whoever said autorun was annoying? I certainly didn't. Autorun has been a vulnerability for quite some time now though, this isn't exactly new news and just for safety's sake it has always been a good idea to disable it regardless of how you feel about it.

Theres always some exploit companies are itching to take advantage of, no matter how good their intentions might be. Most of which are purely for their sake rather then ours.
User avatar
KompresZor
DBB Captain
DBB Captain
Posts: 919
Joined: Wed Jul 31, 2002 2:01 am
Location: Clearfield, Pennslyvania

Post by KompresZor »

I think it's bull ★■◆●...
User avatar
roid
DBB Master
DBB Master
Posts: 9996
Joined: Sun Dec 09, 2001 3:01 am
Location: Brisbane, Australia
Contact:

Post by roid »

Tyranny wrote:Autorun isn't hard at all to turn off in 2K/XP (Was one of the first things I googled when installing those operating systems)
hehe, so easy, that you had to use google to figure out howto do it. ;)
User avatar
Warlock
DBB 3D Artist
DBB 3D Artist
Posts: 3370
Joined: Wed May 12, 1999 2:01 am
Location: Midland, Tx, U.S.
Contact:

Re: RIAA takes copy protection to a new extreme...

Post by Warlock »

The Register wrote:We haven't seen either the .inf file or any of the executables, so we can't say how or at what level it accomplishes this - or if indeed it actually does accomplish this.
its kinda like what they do on the XBox disk, when u put the disk in all u see is a vob that played there promo but u cant see the data files.

its a neet trick and i like to know how that trick is done.
User avatar
Krom
DBB Database Master
DBB Database Master
Posts: 16138
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Contact:

Post by Krom »

Probably stored on a seprate partiton on the disk. The main part of the disk would be a ISO standard format, the data files would be stored somewhere else in a non standard track, that would prevent windows (or any OS/driver that lacks support for it) from reading it.
Dedman
DBB Material Defender
DBB Material Defender
Posts: 4513
Joined: Tue Oct 15, 2002 2:01 am
Location: Atlanta

Post by Dedman »

The infected CD is being distributed worldwide except in the USA and UK, which prevents us from giving a firsthand report. However, according to hearsay...
'nuff said.
User avatar
AceCombat
Owned by Timex
Owned by Timex
Posts: 6516
Joined: Sat Apr 12, 2003 2:01 am
Location: Oakwood, GA

Post by AceCombat »

yes roid that was the issue i was talking about. and yes my name is ace :P
User avatar
Battlebot
DBB Captain
DBB Captain
Posts: 510
Joined: Sun Jun 22, 2003 2:01 am
Location: Texas

Post by Battlebot »

Image

but i really wanna know is, why did they put that on a beastie boys cd. no one's ever gonna buy in the first place regardless of that hack or not.
User avatar
Skyalmian
DBB Admiral
DBB Admiral
Posts: 1723
Joined: Wed Aug 18, 1999 2:01 am
Location: New Jersey, USA

Post by Skyalmian »

User avatar
Battlebot
DBB Captain
DBB Captain
Posts: 510
Joined: Sun Jun 22, 2003 2:01 am
Location: Texas

Post by Battlebot »

i stand coreected
User avatar
Duper
DBB Master
DBB Master
Posts: 9214
Joined: Thu Nov 22, 2001 3:01 am
Location: Beaverton, Oregon USA

Post by Duper »

AceCombat wrote:yes roid that was the issue i was talking about. and yes my name is ace and I approve this harassment :P

hehehehe
Lothar wrote:But I'm not worried, anyway -- what kind of loser buys Beastie Boys CD's? :P
...why only the Very Best! ;)
User avatar
Lothar
DBB Ghost Admin
DBB Ghost Admin
Posts: 12133
Joined: Thu Nov 05, 1998 12:01 pm
Location: I'm so glad to be home
Contact:

Post by Lothar »

LOL... how many of those 480,000 beastie boys CD's do you suppose were sent to Washington State as a result of the anti-trust suit, as compared to the number actually bought by consumers? I remember hearing the RIAA owed Washington State pretty close to 480,000 CD's... I could just see them sending one big brick of Beastie Boys CD's.

Washington State: "WTF? This is a whole truckload of Beastie Boys... I expected them to at least send some music that didn't suck."

RIAA: "Since when do we produce anything that doesn't suck?"

Washington State: *stands dumbfounded* "I uh, I guess you have a point."

RIAA: "That'll teach you to sue us! Next time, you'll know better. Have fun trying to dispose of 480,000 Beastie Boys CD's! BWAHAHAHAHAHA"
User avatar
Ferno
DBB Commie Anarchist Thug
DBB Commie Anarchist Thug
Posts: 15163
Joined: Fri Nov 20, 1998 3:01 am

Post by Ferno »

Someone has to buy the CD in order to make the songs available.
User avatar
Nirvana
DBB Harasser
DBB Harasser
Posts: 1123
Joined: Thu Nov 05, 1998 12:01 pm
Contact:

Post by Nirvana »

I think it's a big ploy by a secret underground nazi government agency to get people to stop buying Beastie Boys CDs because they are Jewish.
User avatar
kurupt
DBB Fleet Admiral
DBB Fleet Admiral
Posts: 2506
Joined: Wed May 17, 2000 2:01 am
Location: Clinton, Ohio

Post by kurupt »

beastie boys > lothar's band
User avatar
BUBBALOU
DBB Benefactor
DBB Benefactor
Posts: 4198
Joined: Tue Aug 24, 1999 2:01 am
Location: Dallas Texas USA
Contact:

Post by BUBBALOU »

kurupt wrote:beastie boys > lothar's band
Figures!
Dedman
DBB Material Defender
DBB Material Defender
Posts: 4513
Joined: Tue Oct 15, 2002 2:01 am
Location: Atlanta

Post by Dedman »

Don't try and steal music and it won't be a problem.
User avatar
Vertigo 99
DBB Fleet Admiral
DBB Fleet Admiral
Posts: 2684
Joined: Tue May 25, 1999 2:01 am
Location: Massachusetts
Contact:

Post by Vertigo 99 »

Nirvana wrote:I think it's a big ploy by a secret underground nazi government agency to get people to stop buying Beastie Boys CDs because they are Jewish.
Congradulations sir, you have been awarded the "best post in this thread" award, plz continue this high level quality of posting.
MD-2389
Defender of the Night
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS
Contact:

Post by MD-2389 »

Dedman wrote:Don't try and steal music and it won't be a problem.
Thats probably the most ignorant post in this entire thread.
User avatar
Lothar
DBB Ghost Admin
DBB Ghost Admin
Posts: 12133
Joined: Thu Nov 05, 1998 12:01 pm
Location: I'm so glad to be home
Contact:

Post by Lothar »

shut up kurupt, my band is teh awesome.

*holds up a rubber band*

check that out! Ph34r.
User avatar
kurupt
DBB Fleet Admiral
DBB Fleet Admiral
Posts: 2506
Joined: Wed May 17, 2000 2:01 am
Location: Clinton, Ohio

Post by kurupt »

well it isn't hard to outdo the beastie boys, so just get yourself some yarn and a bell and you're good to go.
Post Reply