Over on Sysinternals, Mark Russinovich has done a superb piece of detective work into a rootkit that he had found on his machine. After a long investigation, he found that it had originated from a Sony music CD; there appeared to be no warning of this installation, nor anyway to remove the software. Using standard removal techniques, it ended up crippling the CD player on the PC.
Within the comments, there are listings of various computer misuse legislation that Sony may have broken by surrepticiously installing such sotware. There is also further detective work, as the software is discovered to make calls to Sony with identification.
Yesterday, Sony provided removal software: “This Service Pack removes the cloaking technology component that has been recently discussed in a number of articles published regarding the XCP Technology used on SONY BMG content protected CDs. This component is not malicious and does not compromise security. However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers.”
At least they were listening and put up a fix…pity they had to installed the equivalent of malware in the first place though.
Update: the Sony software is only decloakimg software so the files are no longer hodden. It does not remove the rootkit.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.