04:07 PM

Sony Sued For Rootkit Copy Protection

Sony BMG Music Entertainment has been hit with at least one class-action lawsuit over its rootkit-as-copy-protection software. The lawsuit claims the software violates two anti-fraud statutes, as well as a third law forbidding placement of spyware in a computer.

The Electronic Freedom Foundation (EFF) added its voice to the chorus, saying Wednesday that it too was considering a class-action lawsuit. The non-profit is as yet undecided, but is asking for accounts from affected Sony CD buyers.

The EFF has also confirmed 20 Sony CDs as using the XCP technology, ranging from albums by Celine Dion and Neil Diamond to those by Van Zant and Switchfoot.

Although Sony has done some minimal damage control -- last week it released a patch that revealed the once-hidden files -- it continues to refuse comment and makes it extremely difficult to obtain an uninstaller.

Mark Russinovich, the chief technology officer for Winternals and one of the first researchers to publicize Sony's rootkit, dug into the uninstaller and concluded that it generates a hash from the PC configuration, so that only the PC from which the request for the uninstaller was made can be cleansed. Other rights management software, including Microsoft's Windows Activation, also generates such a hash.

"Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall," wrote Russinovich on the newest update to his Sony copy-protection blog.

Sony has yet to post any links to the patch or uninstaller on its Web site.

In other Sony BMG news, a slew of security firms warned Thursday of the first appearance of malware that uses Sony's rootkit to hide from anti-virus programs.

Dubbed "Backdoor.Rycos" by Symantec and "Stinx.e" by Sophos, the Trojan arrives as an attachment to an e-mail purportedly from a British business publication. If the attachment is launched, the Trojan copies itself as "$sys$drv.exe" to the hard drive. Any file beginning with "$sys$" is automatically cloaked by the XCP rootkit.
