« PNG compression comparison chart | Main | Harry's Place is back! »

ShinyDisk Watch: more about the Beastie Boys album

This rumor has been going around about the new Beastie Boys album that I blogged about earlier. The Register writes:

According to a recent thread at BugTraq, an executable file is automatically and silently installed on the user's machine when the CD is loaded. The file is said to be a driver that prevents users from ripping the CD (and perhaps others), and attacks both Windows boxen and Macs.

The infected CD is being distributed worldwide except in the USA and UK, which prevents us from giving a firsthand report. However, according to hearsay, we gather that the Windows version exploits the 'autorun' option, and that the Mac version affects the auto play option.

My experience with ShinyDisks is that they do attempt to install something; however, this is the first reputable source I've seen where it is claimed that what it installs is code that affects the way CDs are handled themselves. What I've seen suggested rather that the software that gets installed is a bunch of codecs and a skin for Windows Media Player to present the playback of the "pre-ripped" files (low-quality WMAs) that are present on the CD. Not that that didn't royally piss me off when I was first confronted with this almost a year ago.

But then, what do I know? I'll follow this issue closely and will mention it here when there's any credible confirmation or refutation of the "Beastie Boys virus" rumor.

(Also, I'm creating a special ShinyDisk Watch category for the Blog. I expect to write on this a lot.)

Update: Malicious driver confirmed! J. Alex Halderman of Princeton University writes an Analysis of the MediaMax CD3 Copy-Prevention System:

Windows has a feature called "autorun" that automatically starts programs from CDs when they are inserted into the computer. If a MediaMax-protected CD is placed in a PC that has autorun enabled, Windows runs a file called LaunchCD.exe located on the disc. This program provides access to the DRM-controlled encrypted content, but it also loads a special device driver into the system's memory. On Windows 2000/XP, this driver is called SbcpHid. The LaunchCD.exe program also presents an end user license agreement (EULA). If the user ever clicks Accept to agree to the terms of the license, the MediaMax driver is set to remains active even after the computer is rebooted. The driver examines each CD placed in the machine, and when it recognizes the protected title, it actively interferes with read operations on the audio content. Similar methods are used to protect the tracks on Windows 98/ME and Mac OSX systems.

This behavior can be verified by loading then disabling MediaMax according to the following instructions:
Start with a Windows 2000/XP system with empty CD drives.

Click the Start button and select Control Panel from the Start Menu.
Double-click on the System control panel icon.
Select the Hardware tab and click the Device Manager button.
Configure Device Manager by clicking "Show hidden devices" and "Devices by connection," both from the View menu.
Insert the Anthony Hamilton CD into the computer and allow the SunnComm software to start. If MediaMax has never been started before on the same computer, the SbcpHid driver should appear on the list for the first time. However, on some systems Windows needs to be rebooted before the driver becomes visible.

At this point you can attempt to copy tracks from the CD with applications like MusicMatch Jukebox or Windows Media Player. Copies made while the driver is active will sound badly garbled, as in this 9-second clip [10].

Next, follow these additional steps to disable MediaMax:
Select the SbcpHid driver from the Device Manager list and click "Properties" from the Action Menu.
Click the Driver tab and click the Stop button to disable the driver.
Set the Startup Type to "Disabled" using the dropdown list.

With the driver stopped, you can verify that the same applications copy every track successfully. Setting the Startup Type to disabled prevents MediaMax from restarting when the computer is rebooted. It will remain deactivated until LaunchCD.exe is allowed to run again.

Comments (3)

Dan.e:

Of course, leaving the autorun option on your windows box activated isn't really smart to start with :-)

Noted. But it's not as if I often stick a disk into the CDROM player without being damned sure in advance what is on it.

bond:

does anyone have a fix for windows ME? I want to remove this driver or disable it. I returned the Velvet Revolver CD to store I bout it from and now I want it off my computer HD and all the MediaMax files that were installed.

About

This page contains a single entry from the blog posted on June 23, 2004 1:49 PM.

The previous post in this blog was PNG compression comparison chart.

The next post in this blog is Harry's Place is back!.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.34