04:07 PM

Sony Sued For Rootkit Copy Protection

Sony BMG Music Entertainment has been hit with at least one class-action lawsuit over its rootkit-as-copy-protection software. The lawsuit claims the software violates two anti-fraud statutes, as well as a third law forbidding placement of spyware in a computer.

The Electronic Frontier Foundation (EFF) added its voice to the chorus, saying Wednesday that it too was considering a class-action lawsuit. The non-profit is as yet undecided, but is asking for accounts from affected Sony CD buyers.

The EFF has also confirmed 20 Sony CDs as using the XCP technology, ranging from albums by Celine Dion and Neil Diamond to those by Van Zant and Switchfoot.

Although Sony has done some minimal damage control -- last week it released a patch that revealed the once-hidden files -- it continues to refuse comment and makes it extremely difficult to obtain an uninstaller.

Mark Russinovich, the chief technology officer for Winternals and one of the first researchers to publicize Sony's rootkit, dug into the uninstaller and concluded that it generates a hash from the PC configuration -- something other rights management software does, including Microsoft's Windows Activation -- so that only the PC from which the request for the uninstaller was made can be cleansed.

"Without exaggeration I can say that I’ve analyzed virulent forms of spyware/adware that provide more straightforward means of uninstall," wrote Russinovich on the newest update to his Sony copy-protection blog.

Sony has yet to post any links to the patch or uninstaller on its Web site.

In other Sony BMG news, a slew of security firms warned Thursday of the first appearance of malware that uses Sony's rootkit to hide from anti-virus programs.

Dubbed "Backdoor.Rycos" by Symantec and "Stinx.e" by Sophos, the Trojan arrives as an attachment to an e-mail purportedly from a British business publication. If the attachment is launched, the Trojan copies itself as "$sys$drv.exe" to the hard drive. Any file beginning with "$sys$" is automatically cloaked by the XCP rootkit.
