Sony offers to replace rootkit CDs

The besieged media giant has finally issued an apology for distributing CDs containing copy-restriction technology that has already been exploited by virus writers

Customers who have bought a Sony CD that contains rootkit-like copy-restriction technolgies that leaves their PCs vulnerable to attack will be offered an exchange, Sony said on Tuesday.

Sony is also withdrawing the affected CDs from its stores, after a major public backlash over its use of technology that hides digital rights management (DRM) software from the user.

In a statement, Sony said it was sorry for any problems the withdrawal of CDs had caused. "Sony BMG deeply regrets any inconvenience to our customers and remains committed to providing an enjoyable and safe music experience," the company said.

Sony says more than 20 titles have been released with the XCP copy-restriction software, and of those CDs, over 4 million have been manufactured, and 2.1 million sold.

One blogger, though, has put the number of affected titles at 47.

[? /*CMS poll(20003927) */ ?]

More information about Sony's CD exchange programme will be made available later in the week. Customers who have already run the CDs on their computers may have to turn to try and remove XCP manually. Over the weekend, Microsoft said its security tools would soon detect and remove it.

Country rockers Van Zant's "Get Right with the Man" kicked off the firestorm when a blogger traced a hidden, spyware-type file on his computer to the CD.

Other XCP copy-protected CDs include new releases by Neil Diamond, Celine Dion, Natasha Bedingfield and The Coral, according to the Electronic Frontier Foundation.

Sony also issues copy-restricted CDs using software from digital rights management company SunnComm. But this technology hasn't come under the same kind of attack as XCP, made by UK firm First 4 Internet.

Many ZDNet UK readers have vowed never to buy another Sony product. Last week, the first Trojan horses to use XCP to hide from detection were discovered.