The most notorious of rootkits wasn’t developed by criminals but by Sony BMG. Sony distributed several music CDs carrying its rootkit as part of its antipiracy campaign. It came to light when a customer, who also happened to be a security software analyst, noticed some odd activity on his home computer (2). After thoroughly searching his PC, he found some hidden files, and it eventually became clear that they had been installed by the music CDs he had played on the machine. What came next was a PR nightmare for Sony. Customers were outraged at Sony’s underhanded campaign to distribute its rootkit. Irrespective of Sony’s intent, customers demanded that its music CDs be removed from the shelves, and Sony was forced to release a patch to remove the rootkit. Unfortunately, the patch was worse than the rootkit. To make matters worse, once it became known that several computers had Sony’s rootkit installed, hackers developed their own malware that exploited the rootkit to hide itself. Thankfully, security software vendors are developing ways to detect and remove rootkits (3).
Some of the biggest vendors are testing beta versions of their anti-rootkit scanners, including F-Secure’s BlackLight, BitDefender’s UnCover, Microsoft’s Windows Defender and Sysinternals’ RootkitRevealer. All of these beta versions are available for testing. Importantly, Windows Defender is available only to Windows users who have a genuine licensed copy of Windows.
1. "Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes" – eweek.com
2. "Sony, Rootkits and Digital Rights Management Gone Too Far" – Mark’s Sysinternals Blog
3. "New Rootkit Detectors Help Protect You and Your PC" – pcworld.com