A new wave of bots exploiting Sony's ill-conceived DRM rootkit has been found in the wild.
If you've been living in a cave the past week, you might have missed the discovery by security superhero Mark Russinovich of a rootkit that had been surreptitiously installed on his system when he played a Sony copy-protected music CD in his computer. It seems Sony considers that its right to protect its digital rights trumps your right to a properly functioning, and safe, computer, and it has been shipping this rootkit software on its CDs since April. The software can disable other music players on your system, has no discernible uninstall applet in the Control Panel, and will render your CD drive entirely useless if you rip the software out of your system using normal methods. It was written so badly that it often caused normally functioning systems to slow down as it polled the system every 10 seconds looking for violations of Sony's rights, and it has been implicated in a recent spike of BSOD crashes.
But the icing on the cake was the fact that it completely hid itself from the operating system, and enabled anyone to hide OTHER files on your system if they used the same naming convention for the files and processes.
Isn't it nice of Sony to provide virus, bot, and trojan authors a handy method of hiding their malware on your system? How thoughtful of them.
The story just continues to get worse. Read all of Mark's subsequent posts as he discovers that the software phones home every time you play a Sony CD, that the uninstall procedure (once you jump through all the hoops to get it) is written so poorly that it can crash your computer and corrupt data to the point of rendering your system unbootable, and that the uninstaller is tied to an individual computer and times out 7 days after you receive it.
And all through this, Sony maintains that the software doesn't pose any hazard to your computer, and that most users don't know what a rootkit is anyway, so they shouldn't worry about it.