So: if you've recently used CD releases from Sony
BMG that state that they are content protected on your Windows
computer, the “Scan for Rootkits” function in our product will detect
this program on your system. Same happens with our free BlackLight beta
that you can download from our web site.

If you find this rootkit from your system, we recommend you don't remove
it with our products. As this DRM system is implemented as a filter
driver for the CD drive, just blindly removing it might result in an
inaccessible CD drive letter. Instead, we recommend you contact Sony BMG directly via this web form
and ask for directions on how to remove the software from your system.
We've test driven this and they will provide you with tools to do this.
However, they will install additional ActiveX components to your system
while they are doing this so be adviced (sic).

Interesting situation for the antivirus crowd.
It's easy to declare a virus as bad, but what do you do with this
monster? Here is software that uses a rootkit to get the job done
but has a legal purpose. I personally am outraged that Sony would
allow such activities, and encourage antivirus vendors to continue to flag
this as malware.

Read the full blog post from F-Secure.

This is from F-Secure's technical description (emphasis mine):
The hiding techniques used by the DRM software can be abused by less technical
malware authors to hide their backdoors and other tools. If a malware names its
files beginning with the prefix '$sys$', the files will also be hidden by the
DRM software. Thus it is very inappropriate for commercial software to use these