November 01, 2010, 9:29 PM — The revelation 5 years ago that Sony BMG was planting a secret rootkit onto its music customers' Windows PCs in the name of anti-piracy is now seen as one of the most significant events in IT security history.
"Sony rootkit was one of the seminal moments in malware history," says Mikko Hypponen, chief research officer at Helsinki, Finland-based security company F-Secure. "Not only did it bring rootkits into public knowledge, it also gave a good lesson to media companies on how not to do their DRM [digital rights management] solutions."
For those of you who are fuzzy on the details, in the mid-2000s Sony BMG secretly included Extended Copy Protection (XCP) and MediaMax CD-3 software on millions of music CDs from artists such as Celine Dion, Neil Diamond and Santana. The software was designed to keep music owners from making too many copies of the music. It proved undetectable by anti-virus and anti-spyware programs, and it took the form of a rootkit that opened the door for other malware to infiltrate computers unseen as well. Once the rootkit was exposed by security researcher Mark Russinovich on Oct. 31, 2005, all hell broke loose. Sony BMG botched its initial response ("Most people don't even know what a rootkit is, so why should they care about it?" went the infamous quote from Thomas Hesse, then president of Sony BMG's Global Digital Business) and later recalled products, issued and re-issued software removal tools, and settled lawsuits with a number of states, the Federal Trade Commission and the Electronic Frontier Foundation.
Rootkits have since become common among modern malware, with one security company this past summer even demonstrating how a rootkit might one day plague the Google Android smartphone operating system. The sophisticated Stuxnet worm identified this year as a threat to Windows PCs and industrial systems also uses a rootkit.