Spotlightingnews

Sony BMG Recalls Spyware CDs

US Department of Homeland Security: "[XCP] can pose a security threat"

Sony BMG admitted it was hiding potentially dangerous "anti-piracy" software inside people's computers with their XCP virus-like program.

After Mark Russinovich discovered the company used a root kit to hide a virus-like program that denied users to copy certain Sony CDs, Sony apologized and recalled all the CDs that contained the XCP software as well as offered a way to remove it from infected hard drives.

Sony's removal tool is yet another seriously bad move the company made. The tool indeed removes at least part of the root kit, but it also leaves a much more dangerous security hole, allowing any website to upload and RUN any software on the user's computer. Yet again, Sony messed it up.

The US Department of Homeland Security said that Sony's hidden software "can pose a security threat," giving Sony some well-deserved beating.

The XCP program or eXtended Copy Protection can be found on recent Sony BMG CDs. As soon as you insert the CD in your CD-ROM, the program installs itself deep into the Windows operating system and denies the user from copying copyrighted music.

Even though there's neither evidence nor any logical reason for Sony to do so, the company could have used this program (or rather, virus) to send user's personal information to the company. This makes XCP the first corporate spyware program.