The investigators simply went out to the most popular stores and were able to buy CDs that contained XCP, copy protection that when installed, is cloaked using the same techniques used by virus writers (who often use "rootkits" to hide malicious software on a Hard Disk Drive). They were able to purchase the CDs at Virgin Megastore, FYE, Best Buy, Circuit City, Sam Goody, and Wal-Mart.
They also ordered the CDs and were promised "prompt delivery" from the websites of Circuit City, Best Buy, Sam Goody, FYE, and Wal-Mart. They couldn't get the CDs however from sites of J & R Music World or Tower Records. Sony BMG had promised to pull all copies of the 52 titles that contain XCP from shelves in mid-November. "I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony," said Spitzer.
First4Internet's XCP has caused a public relations nightmare for Sony in the last month. It started when Mark Russinovich discovered the rootkit-like techniques it uses after buying a CD and trying to play it on his computer. He then posted a warning on his blog. It also emerged that Finnish company F-Secure had warned Sony BMG in October about the problem. Sony BMG now faces lawsuits that claim it used the techniques of virus writers and put consumer's home PCs at risk.
Source:
InformationWeek
Written by: James Delahunty @ 30 Nov 2005 17:59
