Getting to grips with the $ony rootkit

$ony have halted the inclusion of what is being called the ‘XCP virus’ on its CDs as the number of legal problems that it’s facing increases.

EFF has put out a guide to how to spot if your CDs contain XCP. That site has a list of 19 of the 20 titles that $ony have put this trojan onto, but, as is pointed out in Geoffrey McCaleb’s blog, the official number of 20 is being spoken in legalese: $ony itself might only have released 20 CDs containing the rootkit, but $ony subsidiary companies currently have 47 titles (that have been found so far). For a list of the titles currently identified, check out his blog post.

$ony says that this problem is only on CDs sold in the US, but, with the international market being what it is, it wouldn’t be surprising if this is a global problem. $ony are being investigated by the Italian police for distributing malicious code, so at least one country other than the US is taking legal action.

Currently there doesn’t appear to be an easy way to remove the software, but Micro$oft have decided that the code does indeed count as spyware, so they will be releasing an addition to their anti-spyware software in the next month (source), and other spyware companies such as Sophos say that they will have a removal system in place inside a week.

