Zeroday 01100100011010010

The backlash over DRM has finally started to gather serious momentum. Everyday consumers started a campaign to give the highly anticipated game Spore one-star ratings on Amazon. Thousands of Amazon users labeled Spore a poor choice because of the SecuROM DRM system that is forced onto PC users machines that purchase the game. EA has backpedaled a bit and eased the restrictions on the number of installs per machine. They have even made a verbal (but unenforceable) promise to disable the DRM system by patch should they ever end of life the product. But so far EA refuses to give in to consumer demand that they simply get rid of the DRM system. They hold on to the claim that DRM helps reduce piracy. Yet 30 seconds of searching on a popular torrent site shows not only Spore but a cracked copy that totally removes all DRM from the game.

This is possibly the most insulting bit for consumers. People who are pirating the game actually enjoy more freedom in the sense that their system does not have SecuROM permanently installed onto the hard drive. In the recent class action suit the defendants publicly document how the DRM used in Spore remains installed even after the game has been removed from the users computer. SecuROM also operates at “Ring 0” which is to say the core of the kernel layer which is clever in that it is hard to bypass the program yet dangerous because anything that goes wrong will completely destroy the users session. All of these facts are not made plain to consumers before purchasing the game. Only after they have purchased the game and start installation will they have the chance to read about the DRM system in the EULA. [warning: pdf] Retailers almost never allow returns on software once opened which leaves consumers who don’t agree with the surprise DRM in a very bad position.

So how can EA help end DRM? They can look at what is happening around them and try to understand how miserable their own customers are with the DRM choices they are making. If recent events are any indication they will either start pirating the games or simply stop supporting EA with their purchases. EA can also look at recent history and see the reactions of consumers to retailers who renounce DRM. When online music retailers started renouncing DRM (Amazon and Apple) consumers responded very positively. Not only that but the entire industry started to follow their lead. It is wonderful when smaller producers like Stardock announce intentions on these matters but it will take someone the size of EA to make it an industry trend.

I received what was obviously spam this morning with the subject “VideoTube.com: The Best!”
Because I work on the Youtomb project this sort of caught my attention. The message simply read “eX-eX-eX girlfriend!” and there was a zipped attachment. I detached the file and moved it to one of my test boxes. Once there I unzipped it and ran “strings” on it.

It is definitely some sort of windows based botnet package but I don’t have the time to really investigate it. Leaving behind the strings output to help anyone who runs into this today or in the near future. The first line of intelligible strings output did make me laugh

hi, botnet Jack here
CloseHandle
CreateProcessA
ExitProcess
GetEnvironmentVariableA
GetModuleFileNameA
GetShortPathNameA
GetThreadContext
ReadProcessMemory
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory
lstrcatA
lstrcpyA
KERNEL32.dll

Tomorrow is Beansec! For those of you who haven’t heard Zach Lanier has joined us as a full time host of the event. I am semi-retiring for this semester due to classroom obligations but will try to show up for the first half hour or so. I’ll definitely be back in the spring semester!

If you haven’t done so already add the Beansec calendar feed to your favorite scheduling program to make sure you don’t miss out.

Still not sure what Beansec is? Let me explain:
BeanSec! is an informal meetup of information security professionals, researchers and academics in the Greater Boston area that meets the third Wednesday of each month. Unlike other meetings, you will not be expected to pay dues, “join up”, present a zero-day exploit, or defend your dissertation to attend.

It is a great way to meet other security folks from the area in a relaxed atmosphere with absolutely no vendor pitches or formal presentations. Beansec is food, booze and security geeks. Here is a peek at last months Beansec where we had about 30 or so people show up.