A quick summary for readers that have been asleep for the last month:
Sometime in March 2005, Sony BMG began distributing music CDs that were “protected” using software from First 4 Internet Ltd. The software installed hidden software and made system changes to prevent removal after the user accepted a (typically verbose and unclear) EULA. The software would also hide any files or registry keys with a name starting with the string “$sys$” – a feature that has now been taken advantage of by malware authors. Attempting to uninstall the software might cripple windows.
After the initial reports on the software at the beginning of November there was a lot of discussion, the consensus being that Sony BMG had greatly overstepped the bounds of acceptable behaviour. Now most anti-virus companies have descriptions and disinfection tools for the rootkit.
Sony is now facing lawsuits in the USA, and the rootkit may infringe copyright held by Jon Johansen.
Unauthorised modification of computer programs or data is a crime in Hong Kong. If any of these rootkit CDs have been distributed in Hong Kong, then Sony BMG should face criminal prosecution under the Computer Crimes Ordinance.
Don’t miss F-Secure’s T-shirt.
