Print | Send on Yahoo! | PDF version | RSS | Filed Under: MALWARE HISTORY

2005 – The Sony BMG Scandal

One of the most interesting security threats in 2005 were the so-called worms for instant messenger applications.

IM services have become so popular, that almost every PC user around the world enjoyed their services. Although a couple of IM worms have been detected long before 2005, their count significantly increased during the year.

The first significant outbreak during 2005 took place in August, when the Win32.Worm.Zotob.A  worm and some of its variants (Win32.Worm.Zotob.D) started infecting US-based computers. The new worm exploited multiple security vulnerabilities in the Windows 2000 operating system in order to spread across the network. Although the damage was allegedly situated in the $97,000 space, American mass-media outlets proclaimed it a large scale disaster. This is mostly due to the fact that the worm infected computers at companies such as ABC, CNN, The Associated Press, The New York Times, and Caterpillar Inc.

October 13 brought a new surprise in the form of the Samy XSS worm (also known as JS.Spacehero). The new cross-site-scripting worm was especially tailored to spread using the extremely popular MySpace social-networking site. The Samy worm also carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile. According to a MySpace report, the XSS worm managed to infect over one million users.

Samy's author has been identified as Samy Kamkar. MySpace filled a lawsuit against him for felony. Kamkar was sentenced to three years probation, 90 days community service and an undisclosed amount of restitution.

A huge scandal was about to begin on October 31, when Sony BMG was found to have willingly infected music CDs with a rootkit in order to prevent illegal copying of music. The company started protecting its audio CDs with a new technology, called the Extended Copy Protection (XCP). This piece of software was automatically installed on the customers' computers each time the disk was inserted in the CD-ROM. Although Sony BMG had planted the rootkit (Bitdefender identifies the rootkit as Win32.Sony-DRM-HiddenFile) with no intention to harm the user, the community claimed that the XCP interfered with the normal way in which the Microsoft Windows operating system played audio CDs and that it would open additional security holes to be exploited by malware.

Sony BMG was accused of having planted spyware on its customers' machines. The company was called to court as part of a class lawsuit. Moreover, Sony BMG had to recall all the affected music CDs.