Sony is being sued by the State of California over their nefarious hidden rootkit that is installed from some of their music CDs. 

I hope Sony gets a good spanking over this.  It’s not that I advocate stealing music, but that I am absolutely opposed to having (buggy) software installed on my system without my permission.  What’s worse is that this software will only inconvenience regular users.  Anyone who is really interested in stealing and reselling the content will be able to get around the copy restrictions.  And this will remain true as long as CD-Audio remains a viable format.  There is a well-defined format (Redbook) for how audio CDs must be arranged so that they can be read by CD players.  As long as Redbook audio is on the disk, there will be a way to access it and rip it.  The Sony rootkit worked by hooking the CD driver so that Windows can’t see the audio portion of the “protected” disks.

This sort of thing is one of the main factors in my decision to strictly use my Linux system for ripping CDs.  The Linux CD driver is not confused by having both data and music on the CD, and my ripper (Grip) uses cdparanoia, which is also capable of overcoming bad sectors and other disk anomalies.  It’s not as user friendly as iTunes, but it’s much safer and robust as well as being immune to silly Sony rootkits.

I rip every CD I buy, and so far I have not encountered one that would not rip.  If I ever do, I will return it as defective.

Update:  Well, that didn’t take long.  A trojan has already been spotted that takes advantage of the Sony rootkit to hide itself.

Sony-BMG’s rootkit DRM technology masks files whose filenames start with “$sys$”. A newly-discovered variant of of the Breplibot Trojan takes advantage of this to drop the file “$sys$drv.exe” in the Windows system directory.

“This means, that for systems infected by the Sony DRM rootkit technology, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit,” warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro

The malware arrives attached in an email, which pretends to come from a reputable business magazine, asking the businessman to verify his/her “picture” to be used for the December issue. If the malicious payload contained in this email is executed then the Trojan installs an IRC backdoor on affected Windows systems