Summary:
The discovery...Molly Wood, CNET wrote:So, let's make this a bit more explicit. You buy a CD. You put the CD into your PC in order to enjoy your music. Sony grabs this opportunity to sneak into your house like a virus and set up camp, and it leaves the backdoor open so that Sony or any other enterprising intruder can follow and have the run of the place. If you try to kick Sony out, it trashes the place. And what does this software do once it's on your PC? ... The DRM itself is almost unbelievably restrictive, and some have suggested that the reasoning behind it is part of Sony's ongoing war over digital music supremacy with the decidedly more supreme Apple.
What is a rootkit?
How to detect if the rootkit is on your PC.
How to remove the rootkit? Don't. At least not yet. Sony has released an uninstaller, but it makes things worse:
About the only sure method for removal would be to wipe your hard drive and re-install the OS....the uninstaller created a new set of problems.
To get the uninstall program, users were asked to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, it makes the PC open to downloading and installing code from the Internet.
According to security experts, the program fails to make the computer confirm that such code should come only from Sony or First 4 Internet.
"The consequences of the flaw are severe," Felten and Halderman wrote in a blog posting Tuesday after being tipped by a Finnish researcher, Matti Nikki. "It allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That's about as serious as a security flaw can get."
source
Which CDs to avoid (i.e. don't play these on your PC). Note that the list may not be complete.
Sony's music EULA. Only read this if the preceding was not depressing enough for you.
