Sony BMG Music Entertainment has been hit with at least one class-action lawsuit over its rootkit-as-copy-protection software. The lawsuit claims the software violates two anti-fraud statutes, as well as a third law forbidding placement of spyware in a computer.
The Electronic Freedom Foundation (EFF) added its voice to the chorus, saying Wednesday that it too was considering a class-action lawsuit. The non-profit is as yet undecided, but is asking for accounts from affected Sony CD buyers.
The EFF has also confirmed 20 Sony CDs as using the XCP technology, ranging from albums by Celine Dion and Neil Diamond to those by Van Zant and Switchfoot.
Although Sony has done some minimal damage control -- last week it released a patch that revealed the once-hidden files -- it continues to refuse comment and makes it extremely difficult to obtain an uninstaller.
Mark Russinovich, the chief technology officer for Wininternals and one of the first researchers to publicize Sony's rootkit, dug into the uninstaller and concluded that it generates a hash from the PC configuration -- something other rights management software does, including Microsoft's Windows Activation -- so that only the PC from which the request for the uninstaller was made can be cleansed.
"Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall," wrote Russinovich on the newest update to his Sony copy-protection blog.
Sony has yet to post any links to the patch or uninstaller on its Web site.
In other Sony BMG news, a slew of security firms warned Thursday of the first appearance of malware that uses Sony's rootkit to hide from anti-virus programs.
Dubbed "Backdoor.Rycos" by Symantec and "Stinx.e" by Sophos, the Trojan arrives as an attachment to an e-mail purportedly from a British business publication. If the attachment is launched, the Trojan copies itself as "$sys$drv.exe" to the hard drive. Any file beginning with "$sys$" is automatically cloaked by the XCP rootkit.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.