In case you missed the news last week and this, Sony BMG was caught installing a “rootkit” on Windows computers, as part of their required music player for some of their copy-protected music CDs. The music player also installed the “XCP” copy-protection system, which included the rootkit.
Rootkits subvert the Windows operating system to hide the existence of the files, directories, programs and registry entries that they want to protect. In other words, you might expect that a rootkit was trying to protect a trojan, dialer, spam sender, popup generator, or other malware. I would not expect to find one on a music CD that I bought in a store!
The news was easy to miss because the big news sites have said very little on the issue. Cnet’s News.com picked up the story on Wednesday 11/2, after it broke on Monday 10/31.
As Sony started to get hammered in public opinion, they released a “rootkit remover” last week. Of course, it did not remove the copy protection. It simply changed things so that the hidden files, directories, programs and registry entries were no longer hidden.
The Electronic Freedom Foundation reports that they have confirmed the existence of this “XCP” technology on 20 Sony music CDs, in a variety of genres. They identified the individual CDs and also identified three that were protected by a different copy-protection system.
According to articles at Yahoo!, both Associated Press and Reuters report that trojans have already been identified that are attempting to take advantage of the security hole.
Read more about Sony’s rootkit at blog.TerrysComputerTips.com in the antispyware/antimalware section.
