Sony Rootkit Roundup IV

Nov 21: Protest CD DRM in NYC on Nov 30!

FreeCulture NYC is planning another street demonstration at a Tower Records store in Manhattan against DRM CDs, and have a great flier about the dangers of buying DRM music.

Nov 21: Table compares different kinds of Sony music infections

Sony CDs are infected with at least two different kinds of malicious software, the XCP rootkit and a spyware product from Suncomm called MediaMax. This handy table summarizes the differences and similarities between the two systems

Nov 22: Library won't buy Sony CDs

The library system in Ann Arbor, MI declares a moratorium on buying DRM CDs from Sony

Nov 24: Sony rootkit tee: "Why should people care about rootkits?"

These limited-edition tees from F-Secure bear the now infamous quote from Sony BMG president Thomas Hesse: "Most people don't even know what a rootkit is, so why should they care about it?"

Nov 24: Sony rootkit recall makes The Onion

The news of Sony's recall of its rootkit-infected CDs goes even more mainstream and is lampooned in this week's issue of The Onion, their What Do You Think? section.

Nov 24: Rootkit arms-dealer takes website down

First4Internet, the makers of the rootkit DRM that has turned Sony into an infamous villain facing tens of millions in liability, have taken down their website and replaced it with a simple landing page with some contact info.

Nov 27: Pre-history of the Sony rootkit

An old email thread shows the early efforts of the authors of Sony's infamous rootkit.

Nov 28: Sony rootkit author asked for free code to lock up music

An old newsgroup post from a First4Internet programmer offers cash if someone will do his homework for him. Later, code from the free/open source software project LAME (which does some of what this programmer was trying to do) showed up in a First4Internet product.

Nov 28: Programmers on Sony's spyware DRM asked for newsgroup help too

Programmers on Sony's less-known DRM, a piece of spyware called MediaMax from a company called Suncomm, posted messages to newsgroups asking for help with their technology.

Nov 28: Sony CD spyware installs and can run permanently, even if you click "Decline"

We knew that the MediaMax spyware on Sony's CD installs itself even if you click "Decline" when confronted with the "agreement" that governs it. Now we find that the software also runs, permanently, under some common circumstances, even if you never agree to its installation.

Nov 29: Will NY sue Sony, too?

New York Attorney General is making threatening noises over Sony's rootkit DRM, and it looks like he might bring suit.

Nov 29: Sony knew about rootkits 28 days before the story broke

BusinessWeek reports that Sony knew on Oct 4 that its DRM system was built on rootkits and exposed its customers to danger of opportunistic infections from other malicious programs.

Dec 1: No Xmas for Sony protest badge

Gisela has created a "No Xmas for Sony" badge she's using in her email, linking it to Mark Russinovich's account of the Sony rootkit debacle, as a means of convincing people not to buy Sony products this holiday.

Dec 3: How can you tell if a CD is infectious?

EFF publishes a list of indicia that Sony has used to inform customers that a CD carries the MediaMax spyware.

Previous installments of the Sony Rootkit Roundup: Part I, Part II, Part III, Part V, Part VI

(Cool Sony CD image courtesy of Collapsibletank)