Sony Sued For Rootkit Copy Protection

Sony BMG Music Entertainment has been hit with at least one class-action lawsuit over its rootkit-as-copy-protection software. The lawsuit claims the software violates two anti-fraud statutes, as well as a third law forbidding placement of spyware in a computer.
As early as a week ago, hackers were already discussing ways to use the XCP rootkit, but Stinx.e is the first proof of their work.

"Sony's DRM copy protection has opened up a vulnerability which hackers and virus writers are now exploiting," said Graham Cluley, senior technology consultant for Sophos, in a statement Thursday. "We wouldn't be surprised if more malware authors try and take advantage of this."

The Trojan opens a backdoor on the compromised PC, and takes commands from its controller to, for instance, install additional files or delete data.

Analysts at Gartner also stepped into the controversy by issuing a warning to clients of a consumer backlash against such practices.

"The use of spyware techniques, however benign in purpose, constitutes bad business practice and should be discouraged. Any attempt to sneak software onto a customer's computer or gather any information without consent is unacceptable," said Ray Heiser.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing