5 Years after Sony BMG Rootkit Scandal was Exposed

By Dipankar Das, Gaea News Network
Wednesday, November 3, 2010

malware The exposure of Sony BMG Rootkit scandal five years ago is indeed very significant in IT history.  Sony BMG secretly included Extended Copy Protection (XCP) and MediaMax CD-3 software on millions of music CDs from artists such as Celine Dion, Neal Diamond and Santana in the mid-2000s. They planted the rootkit  into customers’ PC in the name of anti-piracy. It was designed so that music owners can not make too many copies of the music. The Malware can not be detected by anti-virus or anti-spyware program.

When the scandal was revealed by security researcher Mark Russinovich on Oct. 31, 2005, Sony BMG had to recall their products, issued software removal tools and had to settle lawsuits with different states and Federal Trade Commisson. Since then, the Rootkit became very common Malware.  The sophisticated rootkit Stuxnet worm targeted Windows PC earlier this year.  A security company demonstrated past summer how rootkit can cause havoc to Android based smartphone. After the revelation of the Sony BMG rootkit scandal, security experts blasted on the music company as well as  security vendors whose products failed to detect  the threat.

“[M]uch worse than not detecting it before Russinovich’s discovery was the deafening silence that followed. When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case,” Bruce Schneier, the security expert wrote.

F-Secure’s Hypponen recalls that it took nine days to figure out the Sony BMG Rootkit virus. However, they kept quiet about it because they were trying to convince Sony BMG to do something about the Rootkit first. Schneieralso also rebuked Microsoft for not taking quick action. However, Microsoft acquired Winternals Software which was founded by Sony BMG rootkit finder Russinovich. He is now a technical fellow at Microsoft and his biography on Microsoft’s Website highlights “his discovery of a Rootkit on popular Sony audio CDs led to industry reforms in the area of computer privacy.”

will not be displayed