A few minutes ago I read a news article written by Brian Krebs who described how some Sony Music CDs try to install a software on Windows PCs that can be labeled as spyware or even worse than that.
It seems that we have reached a new level in the fight between record companies and its consumers. If you put a music CD in question into your drive an installer will popup. If you agree to install the software you won't find a uninstall feature anywhere on your PC and end up with software on it that may be harmful to it.
Apparently all Music CDs labeled "Content enhanced & protected" have the installer on the CD, make sure you check this before you buy a CD, especially if you want to listen to music on your PC.
According to Krebs "The CDs in question make use of a technique employed by software programs known in security circles as "rootkits," a set of tools attackers can use to maintain control over a computer system once they have broken in."
It takes PC expertise to remove this software once it is installed on a computer system. Security companies like FSecure are aware of the rootkit-like behavior and have created virus definitions for it. Here is the summary that they are making available:
Extended Copy Protection (XCP) is a CD/DVD copy protection technology created by First 4 Internet Ltd. XCP has been used to protect some audio CDs released by Sony BMG Music Entertainment. The XCP protected disks contain digital rights management (DRM) software that allow the user to make a limited number of copies of the disk and also rip the music into a digital format to be used on a computer or portable music player.
Once installed, the DRM software will hide:
No means of uninstalling the DRM software is given. The software supports Windows 98SE, Windows ME, Windows 2000 SP4 and Windows XP.
This analysis was conducted on Windows XP. The music CD that contained the DRM software was Van Zant: Get Right with the Man (Sony BMG Music Entertainment). F-secure also posted a guide on how to remove the software once installed on your system.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.