A popular movie DVD has been discovered using rootkit-like copy protection, anti-virus company F-Secure has revealed.
The German DVD of Hollywood blockbuster Mr and Mrs Smith, released on 24 January, contains copy-protection software called Alpha-DVD, according to news organisation Heise, which first reported the issue. The disc will not play on Windows PCs unless the software is installed. Alpha-DVD contains user-mode rootkit-like features that hide its own process, according to F-Secure.
The discovery comes not long after the controversy over similar features found in copy-protection software on CDs distributed by Sony BMG. Rootkits are used by intruders to maintain persistent access to a system, while keeping malicious processes hidden.
Heise said another recent German DVD, "Edison", also contains Alpha-DVD, as does a Korean edition of "Oldboy".
What's more, like Sony BMG's copy-protection software, Alpha-DVD can be misused by third-party software for malicious purposes, according to Heise. The organisation said it has developed a proof-of-concept application that could call on Alpha-DVD to hide itself from the OS. "It takes only a few lines of code to make use of Alpha-DVD's stealth functionality," Heise said in a report.
Unlike the Sony BMG software, Alpha-DVD doesn't hide files or registry entries, according to F-Secure. "This makes the feature a bit less dangerous, as anti-virus products will still be able to scan all files on the disk," said F-Secure vice president Antti Vihavainen in a blog post. "However, it's not that uncommon for real malware to only hide (its) processes."
The creator of Alpha-DVD, a South Korean LG spinoff called Settec, is providing removal software for those concerned about the impact of its copy protection system. By default Alpha-DVD provides neither a Start Menu entry nor an entry in Windows' Add/Remove Programs feature.
F-Secure said software makers should always avoid hiding anything from users, and particularly administrators. "It rarely serves the needs of the user, and in many cases it's very easy to create a security vulnerability this way," wrote Vihavainen.