SONY found out that rootkit was installed because of


The media is
always under constant pressure to find new ways of protecting digital media
from being distributed illegally by pirates. In order to fight piracy, Sony BMG
(Bertelsmann Music Group) went a step ahead in June 2005 which resulted in this

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

In June 2005, Sony BMG sold over one million copies containing a software
package called XCP (Extended Copy Protection) which was developed by First 4
Internet (F4I) company, based in United Kingdom, in order to counter piracy. This
XCP software package was designed so that customers cannot make more then
certain number of copies of the original protected disks. Not all the titles of
Sony BMG contained this software but a large number of the copies sold by Sony
BMG had this protection software. When these CD’s were inserted into a personal
computer, it would install a software on Windows systems after the consumer
accepts end-user license agreement (EULA). But there was no mention about
this particular software in EULA.

This scandal
came to light when Mark Russinovich, a researcher of Winternals, scanned his
system using RootKitRevealer and discovered that his system was infected by
some sort of rootkit software. Upon further investigation, he found out that
rootkit was installed because of the CD he had purchased which was released by
Sony BMG. He discovered that XCP kept on running in background consuming
excessive resources irrespective of whether the CD was being played or not
which resulted in slowing down of consumer’s computer. XCP also left computers
open to possible security breaches from malicious software such as trojans.
Moreover, it was impossible to uninstall it as it came without any uninstaller
and if any attempt of uninstalling was made, the operating system failed to
recognize existing drives.

Soon after this,
Sony BMG released a patch for their software stating that this service pack
would remove the XCP component from affected computers. Upon further analysis
of this service pack by Russinovich, he found out that the only thing the
service pack did was to disable the cloacking technology and not to actually
uninstall the rootkit. Not only this, the service pack installed an uninstall
software based on ActiveX programs because of which Internet Explorer Web
Browser would automatically run malicious code which left many computers

This DRM debacle
led to many lawsuits against Sony due which they incurred huge financial
losses. Sony had to pay penalty of $750,000 to Texas state for violation of law
and additional $150 for every damaged computer as a result of lost battle
against Greg Abbott. On January 30, 2007, Sony made a settlement with the US
Federal Trade Commission and were required to reimburse affected consumers up
to $150 for the damage done by them.