Sony Rootkit Saga Continues
Monday December 5, 2005
There's an interesting article in USA Today that talks about Sony's less than admirable response to the discovery of a rootkit on several of their Music CDs. According to USA Today, several noted artists have seen sharp declines in sales of their CDs since the disclosure - including Neil Diamond's 12 Songs which plunged from #4 to #52 on The Billboard 200 charts.
The poorly programmed Sony rootkit installs automatically when users listen to it on a PC and allows any file with a specially crafted name to be hidden by the rootkit. The Sony Stinx Trojan was the first known malicious software to exploit the flaw, although WoW (World of Warcraft) game cheats have also been devised to prevent detection.
Sony initially provided a web page from which users could request a removal tool for the rootkit. It simply introduced a second vulnerability. The ActiveX control used on that web page potentially allowed remote attackers to use it as a downloader Trojan.
Sony then pledged to remove the affected CDs from store shelves, but several media sources have reported the CDs still present in major chains throughout the US - even, according to USA Today, as late as last week.
Sony now claims they will release a new patch on Monday.
Also see:
The poorly programmed Sony rootkit installs automatically when users listen to it on a PC and allows any file with a specially crafted name to be hidden by the rootkit. The Sony Stinx Trojan was the first known malicious software to exploit the flaw, although WoW (World of Warcraft) game cheats have also been devised to prevent detection.
Sony initially provided a web page from which users could request a removal tool for the rootkit. It simply introduced a second vulnerability. The ActiveX control used on that web page potentially allowed remote attackers to use it as a downloader Trojan.
Sony then pledged to remove the affected CDs from store shelves, but several media sources have reported the CDs still present in major chains throughout the US - even, according to USA Today, as late as last week.
Sony now claims they will release a new patch on Monday.
Also see:
No comments yet. Leave a Comment