|Home » Industry Watch
Mark on Sony
A different kind of trick or treat.
It reads like a detective novel; it reads better than a detective novel.
On 31 October 2005 Mark Russinovich published a curious and exciting tale. The short is he bought the CD 'Get Right With The Man' by Van Zant. He didn't think to check what was on it; he didn't hold down shift when he inserted it into his computer; he runs Windows.
Using his own RootkitRevealer on a routine inspection, he was amazed to find out his own system was compromised. He had a 'rootkit' on his box, rootkit in this context being a 'cloaking device' that hides the presence of important (evil) code.
Mark was able to trace this curious piece of naively written software back to SonyBMG and a UK company that had provided it for them.
The cloaking system was just too simple: any file or directory with a '$sys$' prefix was automatically hidden from view. It didn't take hackers long to realise they'd found the perfect backdoor to infect anyone's Windows system.
Sony are taking a nonchalant stance on the whole thing, which has irked customers even more. Already boycott sites and online petitions have been set up. When Sony - or any company - can do things like this to one's personal property, it's time to pull the plug.
Postscript: A Week Later
The fallout around the world for this, the third bungle of SonyBMG, has not been good and is only getting worse.