I emailed this to Mark (and haven't heard back yet), but I might as well put it out here as well, since it will probably get more play here:
I found this thing on my system. I do not play music CDs on my system, so it couldn't have come from there. Checking the ownership of the files revealed that they were owned by another user in our network who would never have cause to log on to my machine. I can only assume, therefore, that the rootkit installed itself on this user's machine when they played a Sony CD, then searched across the network for open network shares (of which I had one, temporarily). I can only assume that this is intended to make sure that when a home user gets this thing, they can't use another machine to remotely do a copy (and thus bypass the DRM protection), by installing itself on any machine it can find on the network.
The upshot is, this rootkit doesn't just install itself surreptitiously on your machine and hijack your CD-ROM drivers, it also propagates across the network, and can infect machines that you didn't even log on to. It's a virus as well as a rootkit.
I'd be interested to know what you find out. If it self-propagates, the IT Sec Intel community has a need to know... as, of course, does the public.
You can FReepmail me.
A virus would cause it to propagate. I saw a link to an article earlier that's more comprehensive in outlining how a virus would cause a compromise and subsequent propagation.
...I'll try to find it.