Even When Uninstalled, Sony's Rootkit Still Poses A Threat


A number of Web sites have been found that are capable of attacking PCs left vulnerable after users tried to uninstall a rootkit embedded in Sony's copy-protection software. While the sites could have wreaked havoc, the security firm that discovered them said the intent of the person behind these particular sites seems to be more about making a point than doing harm.



The impact of Sony BMG's now-withdrawn copy-protection scheme spread even farther Wednesday. A security company said it had spotted malicious Web sites ready to attack PCs left vulnerable after users tried to uninstall a rootkit Sony used to hide its digital rights management (DRM) software.

San Diego-based Websense said that it had found "a few" Web sites designed to attack computers by exploiting a leftover piece of Sony's ActiveX rootkit uninstaller.

"It's very minimal, and not widespread," acknowledged Dan Hubbard, senior director of security and research at Websense, of the exploit. But the sites, few as they were, could have wreaked havoc on PCs which once had the Sony DRM technology on their drives.

"The person behind this did it just to make a point. He could have had total access to the computer, and done whatever he wanted," said Hubbard. "Instead, he just made the machine reboot. He even inserted comments in the HTML code that said something like 'Sony DRM Christmas Gift.'"

Sony came under fire earlier this month when researchers, including Mark Russinovich of Winternals, discovered that the copy-protection Sony BMG Music Entertainment applied to some of its music CDs contained a rootkit. Rootkits are typically used by hackers to cloak their malicious code so that security software can't sniff it out.

Under pressure, Sony first released a patch that uncloaked the rootkit, then an ActiveX-based uninstaller which was to completely remove the rootkit. It's that ActiveX uninstaller that gave the new attack an opening.

"ActiveX controls used to uninstall or disable a program are temporarily installed, and then when they're finished, the pieces are taken out again. Sony's uninstaller, though, left some components behind, and allowed those pieces to be trusted," said Hubbard.
