Virus writers have begun taking advantage of Sony-BMG’s use of rootkit technology in DRM software bundled with its music CDs.
Sony-BMG’s rootkit DRM technology masks files whose filenames start with “$sys$”. A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file “$sys$drv.exe” in the Windows system directory.
“This means that for systems infected by the Sony DRM rootkit technology, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit,” warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro.
Now here’s the awkward question for supporters of the DMCA: what would constitute “circumvention” in this case? The DMCA doesn’t make an exception for poorly-written DRM schemes. It doesn’t say circumvention is illegal unless it’s necessary to safeguard the security and stability of your computer. So if I had a PC infected with Sony’s software, would I be a criminal if I removed it? Is a programmer who shares a removal tool “trafficking” in circumvention tools?
The fundamental problem with the DMCA is that it focuses on technological design decisions (“does this product circumvent a DRM scheme”) rather than on the behavior of people (“does this company’s business model undermine copyright holders’ rights?”). The members of Congress aren’t computer programmers, and so not surprisingly, when they tried to legislate about technological design decisions, it didn’t work very well. We get vague concepts like “technological protection measure” and “circumvention device” that don’t track well with the way actual computer software works.
One solution would be to amend the DMCA to make it clear that you can circumvent DRM schemes that threaten the security of your computer. A better solution, though, would be to get Congress out of the business of legislating about technological designs altogether by repealing the anti-circumvention provisions of the DMCA.
Update: I agree with Ed Felten. This is spyware, plain and simple. Felten also links to a great followup by Mark Russinovich, the guy who broke the story in the first place, on the embarrassingly complicated uninstall process that Sony has set up to dissuade users from removing its spyware from their computers. Sony needs to realize how badly it has screwed up, apologize to its customers, and publicly distribute a one-click un-installer for its spyware DRM.
Also, if you still have a PC (and really, isn’t it time you jumped on the Mac OS bandwagon?) you should disable auto-run to protect yourself from incidents like this in the future.