Sony sues maker of MediaMax DRM system

Posted by   Virus Bulletin on   Jul 16, 2007

CD protection developer accused of damaging Sony name.

Sony BMG, the division of the Sony group embroiled in a long-running scandal after releasing a number of CDs using suspect techniques to implement anti-piracy protection, has brought a damages case against the firm it hired to develop some of the software involved.

The CD protection system using the 'XCP' rootkit technique to cloak the actions of the software and prevent removal, and CDs using the software were shipped to consumers in late 2005. The suspicious activity was soon spotted by malware experts and a sizeable backlash against the CD maker ensued, with many security products detecting and removing the software to reduce the risk of other malware piggy-backing the simple method used to hide files.

Shortly afterwards worries were raised about some other technology employed by Sony CDs, the MediaMax system developed by SunnComm, now called The Amergence Group. This included further suspect techniques, rendering systems even more vulnerable to other attacks.

The scandal added to the growing movement attacking the concept of 'digital rights management' (DRM) and the validity of attempting to control access to media data on the web. Sony recalled the dangerous CDs and went on to pay out over $5 million in compensation to customers whose systems were compromised by the malcode. Further controversy followed when Canadian consumers were offered less than those in the US.

Now, Sony is suing the Phoenix, Arizona, based developer of MediaMax for $12 million in damages, accusing the company of providing defective software and harming its good name. Amergence has responded with claims that Sony is at fault for not properly testing the software before release and providing them with inadequate design specifications, and many commentators have wondered why MediaMax should be targeted ahead of the maker of XCP, UK-based First4Internet, whose software is generally thought the most serious aspect of the 'Sony Rootkit' fiasco.

The case was filed on July 3rd. Details can be found at IT law website, here. More commentary is here, in a McAfee blog entry, or here from a blogger at Zdnet.

Posted on 16 July 2007 by Virus Bulletin



Latest posts:

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

New article: Dissecting the design and vulnerabilities in AZORult C&C panels

In a new article, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.