Leo Laporte and Steve Gibson I've posted Security Now! Episode 12 early to cover a breaking story on rootkits being installed by Sony BMG CDs. Download your copy now. Main feed - courtesy AOL Radio If you enter the RSS feed into your podcatcher by hand make sure you have the correct feed address (this is a redirect that always points to the actual XML file wherever it may hide):

http://leo.am/podcasts/sn

The Sony/BMG DRM rootkit was first discovered by F-Secure and widely publicized by Mark Russinovich of Sysinternals in his blog. The Sony DRM hides itself by modifying the Windows kernel, names itself "Plug and Play Device Manager" to confuse users, consumes CPU resources whether running or not with sloppily written code that does things like querying the file size eight times per scan, scanning every two seconds, and, worst of all, allows any hacker to easily hide files on your system.

Sony's license agreement is vague about what it's installing and implies that it can be easily disabled. It cannot.

Use Sysinternals' Rootkit Revealer or F-Secure's Blacklight to find the rootkit - look for $sys$ - but don't remove it or you'll loose access to your CD-ROM drive. Sony is now offering removal instructions that point you to the XCP Aurora web site and Service Pack 1 containing "fixes and workarounds." For more details visit the Security Now home page. <!--break-->