It was bound to happen! According to this article on ZDNet, Trojans that take advantage of Sony’s rootkit have been spotted online. The article says that the initial version didn’t work too well, but variants that improved on the initial version quickly appeared thereafter. It does not take a rocket scientist to figure out that Sony’s idea of installing a rootkit on their consumer’s computers is a really, really bad idea. At the very least, this is going to be a public relations nightmare for Sony.
For those of you who somehow have not heard of this controversy, maybe I should give you a quick background. In the recent past few weeks or so, Sony has been marketing copyright/DRM protected CDs that when popped into the PCs CD drive, the user would be asked to click through a consent form after which the software would then automatically install a rootkit software hidden deep down on the hard drive. You can read more on the actual deals here. Unfortunately, for Sony, Mark Russinovich, an experienced software developer discovered the rootkit hidden on his computer while testing some security software he was writing. You can read about how he discovered this here.
What I don’t really understand is how the Sony engineers actually expected to get away with this maneuver. I find really astounding that someone (or some group) within Sony actually approved this action without thinking about the short/medium term implications. At the time of the discovery, computer security experts immediately warned that virus writers could or would create Trojans that could/would piggyback on Sony’s rootkit. And this is what has now happened.
Despite the backlash in some quarters, an number of positives developments have occurred. First, some anti-virus firms have also included the rootkit as spyware in their definitions. Second, Sony actually did an about turn on this and has posted a fix on its website to help expose the rootkit on one’s computer. However, according to ZDNet, to actually completely remove the rootkit from one’s system, one would have to call up Sony for assistance. Either which way, the damage may have been done. In fact, I smell another Harvard Business strategy case study waiting to be written.