If you purchased one of about 20 CDs from Sony/BMG over the course of 2005, including the latest from Celine Dion and Neil Diamond, it’s possible your computer may be at risk. Those of us who immediately rip every CD to our hard drive following a purchase should double check for the existence of a rootkit exploit bundled with many Sony CDs. EFF has a non-comprehensive list of rootkit infested titles. Thankfully, after Mark Russinovich at Sysinternals first discovered the rootkit among some software installed by Sony from a Van Zant album purchase, Sony has since stopped production on the rootkit bundling versions of the various titles. The scary part is a lack of statistics on how many infected computers exist. A computer only gets infected by playing one of the compromised CDs on your computer. With the popularity of some infected titles, the numbers a potentially quite large. According to CNET, there’s at least one known exploit of the rootkit.

So what is a rootkit? Basically, it’s a computer program designed to reside on your system hidden from detection. In most cases, rootkits are Trojan Horse applications meant to provide access to your computer or to personal information on your computer. You can find out more about rootkits at my blog.

The good news is, in addition to stopping production on CDs, Sony is also offering a solution to the problem. Microsoft’s AntiSpyware also includes a fix for the rootkit which is more intuitive than the Sony solution. If you want to perform a general scan of your system for Rootkits, Sysinternals makes a great detection tool called RootkitRevealer or you can try the beta of F-Secure’s BlackLight.

[tags]sony,drm,rootkit[/tags]