Sony Rootkit Fix
I hadn't originally planned to do much writing until after the Thanksgiving holiday, but some developments related to the Sony XCP First 4 Internet Rootkit situation warrant everyone's immediate attention. No one is releasing statistics about how many computers might be infected with this problem; it's a case of better safe than sorry. If you haven't purchased a Sony music CD anytime recently, you're likely in the clear. If you have, and you played that CD on your computer, assume your system needs to be checked out.
I'm dedicating almost everything today to the topic of rootkits: rootkit detection and removal, and some of the basic information about rootkits, in an effort to raise awareness about the problem. Rootkits have been around longer than the Sony issue, but a major corporation releasing malware on music CDs from some of the best-known musicians in the world creates a situation where the problem moves from a fringe, isolated issue to the forefront of public concern. Chris interviewed Mark Russinovich of Sysinternals, who is credited with discovering the rootkit, for our radio show some time back.
It's taken what seems like an eternity to get from Mark's discovery of the problem to a viable solution. The timeframe is really about 30 days, which is reasonably quick in terms of getting large corporations to pay attention. While a 30-day turnaround is relatively short for corporations, it is apparently enough time for maliciously inclined developers to create an exploit. A number of defenses against rootkits exist in general (including BlackLight and RootkitRevealer), although in this case, the ones mentioned here aren't ideal for the Sony problem because uninstalling the Sony software without following some careful procedures renders your CD drive useless.
The major development is a fix for the problem. Microsoft issued an update to Microsoft Antispyware [Editor's note: this feature is now part of Microsoft Security Essentials] to include the rootkit bundled with Sony/BMG music CDs. The December 2005 update to the Malicious Software Removal Tool from Microsoft will also include a fix. With the holiday season presenting an opportunity for families to gather, it's also a great time to encourage your family members to update their security software.
If you're dropping by a friend or family member's house sometime over the next month to celebrate any of the end-of-year holidays, take some time to update virus definition files, download spyware monitoring apps and check firewall settings. Even if you aren't technically inclined, these are all ways you can help without needing to be a computer expert.