Sony BMG Settles Rootkit Scandal with Two States

Sony BMG has settled cases with California and Texas that were brought following the revelation that some of the label's CDs (full list) came with rootkit software that automatically installed itself onto users' Windows PCs, allowing Sony BMG – and other hackers – to monitor and even seize control of users' computers.

Each state will receive $750,000 in civil penalties and costs. I'm not clear on how that money is supposed to make it to people whose computers were damaged by one of these CDs (maybe another "fried egg"-style public relations campaign... "this is your PC on Sony?").

However, users who wish to file a claim can do so here.
If your computer was infected by the XCP variant, you get a new copy of that CD and $7.50 plus either one or three album downloads from SonyConnect, Apple iTunes, or Wal-Mart. For the MediaMax variant, you get either a free digital version of the CD (for MediaMax 3.0) or a digital version and a second digital album (version 5.0). Either way, you have a new reason to fear copyright protection.

The deadline for filing a claim is 12/31/2006. In the meantime, victims of either software can still download fixes that are supposed to uninstall MediaMax or XCP – trying to remove them yourself can apparently damage your computer. (This part is not news, but people might need a reminder, with only a week and a half left to file a claim.)

The news today was that Sony BMG also owes California and Texas a little over $1.5 million for installing this malware, which seems like a slap on the wrist. What if government employees had played one of these CDs on a computer with sensitive data on it?

Here's a tip for buying CDs: examine the packaging closely. If you don't see the CD logo, the "music disc" you're buying almost certainly contains some sort of DRM (although I doubt any label will try installing rootkits like these any time soon).

(via Salon's AP feed; image from boingboing)