The title of this post may be a little alarmist, but Sony has recently included rootkit software on its music CDs in an effort to stop users copying music more than three times. Security expert Mark Russinovich of Sysinternals discovered the rootkit software accidentally and wrote about it last week. Mark explained:
Rootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden.
Since Mark revealed the existence of the rootkit software, Sony has issued an uninstall procedure for it. As Mark points out, however, this procedure requires the user to go through two web forms, an email and an ActiveX control, and the uninstaller is locked to a single computer, preventing deployment in a corporation.
Now we learn from an article in the Reg that a virus writer has written a variant of the Breplibot Trojan that drops files into the Windows directory. If you have the Sony rootkit on your PC, these files cannot be found except with very specialised software.
Bottom line – if you are buying music CDs – check if they have Sony on the label, and if they do, don’t buy them.
I see Microsoft is concerned about rootkit features in CDs from Sony and is evaluating the situation to see if any action needs to be taken.