Sony, Rootkits and Digital Rights Management Gone Too Far
Mark Russinovich from Sysinternals has discovered that Sony BMG uses rootkit technology and modifies your Windows kernel to stop you copying their CDs. The rootkit cannot be uninstalled and attempts to do so will disable access to your CD player. Also, it has been noted that the software is poorly written and is the cause of many a blue screen of death. Look out for crashes reporting problems related to Aries.sys.
Not only that, but once you have this software on your machine it's trivial for other hackers to leverage off it and hide their files on your machine! Just by creating a file whose name starts with $sys$ anyone with access to your PC can hide files from you.
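A defender can test for this cloaking with a cross-view check: write a harmless marker file whose name starts with $sys$, then compare opening it by name with enumerating its directory. This is an added example, not code from the original post or from Sysinternals. The function names and the `lister` parameter are hypothetical, and it assumes a cloaked file stays reachable by its full path.

```python
import os
import tempfile
import uuid

PREFIX = "$sys$"  # name prefix the post describes as hidden
MARKER = "cloaking probe\n"


def probe(directory, prefix, lister=os.listdir):
    """Write a harmless marker file, then compare two views of it.

    lister is a hypothetical hook so the check can be exercised against a
    simulated filter; on a real machine leave it as os.listdir.
    """
    name = f"{prefix}probe-{uuid.uuid4().hex}.txt"
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(MARKER)
    try:
        try:
            with open(path) as fh:          # view 1: direct open by full path
                opened = fh.read() == MARKER
        except OSError:
            opened = False
        listed = name in lister(directory)  # view 2: directory enumeration
    finally:
        os.remove(path)                     # clean up via the full path
    return {"opened": opened, "listed": listed,
            "cloaked": opened and not listed}


def check_system(lister=os.listdir):
    """Return 'cloaked', 'clean' or 'inconclusive' for this machine."""
    with tempfile.TemporaryDirectory() as tmp:
        control = probe(tmp, "ctl-", lister)  # ordinary name must be listed
        target = probe(tmp, PREFIX, lister)
    if not (control["opened"] and control["listed"]):
        return "inconclusive"                 # enumeration itself is unreliable
    return "cloaked" if target["cloaked"] else "clean"


if __name__ == "__main__":
    print("$sys$ cloaking:", check_system())
```

The control file with an ordinary name guards against a false "cloaked" result when directory enumeration is failing for some unrelated reason.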
My advice: if you own any CDs that are copy-protected, do not put them in your PC, but if you do, make sure you have autorun disabled (hold down the shift key when inserting the CD) and do NOT accept any software installations off the CD.
Steve Gibson discusses this with Leo Laporte in Episode 12 of their Security Now! Podcast - well worth a listen.
More reports and discussions are available.
Sony BMG has also provided an update which removes the cloaking properties of the software (but does not remove the copy-protection software itself).
2005-11-07 UPDATE:
Mark Russinovich has another article about the dangerous patch that was released by Sony BMG. He also confirms that the malware sends something back to Sony's server.
Molly Wood at Cnet.com sums up her feelings on this.
World of Warcraft hackers using Sony BMG rootkit.






