Ben Edelman discovered a very simple, effective way that Sony BMG can notify customers that they have the rootkit on their system.

Since the Sony BMG CDs in question actually call home, there is a simple way for Sony to insert an advertisement into the XCP player, warning users they have the rootkit on their system. 

Highlighted in green is call for a banner ad (currently nothing is there): 

HTTP/1.1 302 Moved Temporarily
Set Cookie: ARPT=JKXVXZS64.14.39.161CKMJU; path=/
Date: Sat, 12 Nov 2005 18:36:49 GMT
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.14 OpenSSL/0.9.7d
Location: http://www.sonymusic.com/access/banners/nobanner.xml
Keep Alive: timeout=10
Connection: Keep Alive
Transfer Encoding: chunked
Content Type: text/plain

By simply replacing it with his own, he was able to create an ad on the Sony BMG player with a warning.

<?xml version=”1.0″ encoding=”UTF-8″ ?>
<rotatingbanner>
<banner src=”http://www.benedelman.org/sony/image1.jpg” href=”http://cp.sonybmg.com/xcp/” time=”4000″ />
</rotatingbanner>

See Ben’s site for all details, and a screen shot of what an ad might look like. Link here.

Sony BMG: Do this.  It’s a good idea.

 

Alex Eckelberry