Original URL: http://www.theregister.co.uk/2005/11/17/sony_drm_uninstaller_peril/
Hacker websites are using Sony's DRM uninstaller in an attempt to take over Windows PCs. Under pressure, Sony recently released a tool to remove the rootkit technology installed when users play Sony BMG CDs on Windows PCs. This happened after it was shown Sony's DRM code (First4Internet XCP program) created a handy means for hackers to hide malware from anti-virus scanning programs.
Several malware variants have been created that try to hide with the help of the Sony DRM cloaking technology. Coding errors in the malware mean none have been particularly successful. In fact, work by security researchers suggests that a vulnerable ActiveX control (http://secunia.com/advisories/17610) in Sony's DRM uninstaller is a greater security risk than the original Sony rootkit.
The warning (http://www.freedom-to-tinker.com/?p=927), by Ed Felten of Freedom to Tinker, is borne out by the discovery (http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=340) by Websense of exploit websites that attempt to use the trick. Sony has stopped distributing its flawed DRM uninstaller. But that still leaves any user who has downloaded and run the Sony uninstaller program susceptible to attack, provided they can be tricked into visiting hacker sites. So users need to remove the vulnerable ActiveX component as explained here (http://www.f-secure.com/weblog/archives/archive-112005.html#00000709).
To remove the DRM software entirely is a far trickier proposition that security researchers have only partially answered. An expert might (with effort) be able to remove the software but for an average user the situation is quite hopeless, and getting more complicated by the day. ®