Web attack targets Sony rootkit fix

Sony BMG took another blow on Wednesday, when a security company said it has found malicious attacks based on software designed to defuse the record label's 'rootkit' problems.

Websense's security labs reported that it has discovered several Web sites designed to exploit security flaws in a rootkit uninstaller program issued by Sony BMG Music Entertainment. As reported earlier, some Sony CDs deposit rootkit-like code onto people's computers that leave them open to attacks.

Websense has uncovered only a couple of Web sites set up to attack flaws in the initial uninstall program, and the damage they cause appears to be minimal so far. One of them, hosted in the US, simply restarts infected computers.

"It's someone trying to make a point," said Dan Hubbard, senior director of security and technology research at Websense. "They could have done a lot worse."

Sony became embroiled in controversy earlier this month after the record label was discovered to be distributing secret code similar to a rootkit with certain music CDs as a copy-protection mechanism. Sony BMG recalled millions of these CDs on Tuesday, after viruses exploiting flaws in the rootkits began to appear.

The company also released programs to uninstall the rootkits, but the initial Web-based version has its own set of flaws, Princeton University computer science professor Ed Felten wrote in his blog on Tuesday.

In the case of the US-hosted malicious site, the attacker may have compromised the site without the owner's knowledge, Websense's Hubbard said. The site appears to be associated with Canada's version of the Pop Idol TV show. Websense also found the following message in the site's malicious code: "Sony DRM Christmas Gift." DRM stands for digital rights management, a type of copy-protection technology.

"Any user who has downloaded and run the Sony uninstaller program is susceptible to this attack," Websense said in a statement.

A Sony BMG representative did not immediately respond to inquiries about the alert.