News certainly happens fast sometimes. In between the time I first heard of this Sony rootkit and the time I finished writing about it, the story exploded around the web. Sony appears to have been caught flat-footed by the sudden, highly negative publicity.
One aspect of this rootkit, which I didn't mention in my first article, is that it allows someone to hide any file or in-memory process on the system. All you have to do is add a certain word to the beginning of the file's name and you'll never see it again (without a rootkit detector, anyway). Some people speculated that this situation could be put to nefarious use.
I did not mention this in the earlier piece because it was unlikely to be of much danger. A malware creator would be relying on dumb luck to protect his software. What I didn't consider was a person buying a Sony CD with the intention of using the rootkit for his own less-than-honorable purposes.
Well, that is exactly what has happened. In another part of this same newsletter, I mention the controversy surrounding World of Warcraft's Warden anti-cheat program. That is a program which searches a computer's memory for evidence of a program used to cheat at the game. After word of Sony's rootkit made the news, some of these cheating programs were altered to take advantage of it.
The method couldn't be simpler. If you want to circumvent the program looking for a cheat, you simply go out and purchase a Sony music CD. You put the CD into your computer and let it install the rootkit. Then all you have to do is rename your cheating program so that the rootkit will hide it. WoW's Warden program will never know it is there.
Great work, Sony. I'm sure World of Warcraft players will be thanking you after their favorite servers are overwhelmed by cheaters.
Realizing that they have done something wrong and that they have been caught doing it, the geniuses at Sony have decided to provide an uninstaller for their rootkit. It won't remove the copy protection software, but it will stop hiding it.