Not-so-merry Christmas from Sony BMG

Your PC might just start to behave very strangely this Christmas, thanks to Sony BMG, one of the major (and, it seems, least ethical) record labels. They have released a large number of CDs which install hacker tools on your PC, in an attempt to stop their customers from copying the music. Unfortunately, preventing copying is not all these Sony "CD"s (sometimes labelled Epic or Colombia) do.

When you put an infected Sony CD into your Windows PC, it will sneakily install a range of hacking tools - even if you read the "licence", recoil in horror, and click "Cancel"!

The software will slow down your PC, periodically contact Sony to tell them about your listening habits, and use a "rootkit" to hide itself. And that's only the start. They can use the software later to come along and take over your machine. And if they can, other hackers may be able to as well. What's more, once you have installed this malware, viruses can use it to hide too. There is already one worm doing just that.

Sony BMG claim to have released a fix. To get it, you need to fill in a couple of forms on the web, and agree to receive spam from unspecified companies. Then they will mail you where to find it. Then you get to download it. Unfortunately this fix does not remove the problem - in fact it leaves software that Sony can use to download yet more evil onto your longsuffering PC, whenever they want!

Artists affected include Natasha Bedingfield, Neil Diamond, Billie Holiday, Frank Sinatra, and many more - there are over 50 infected titles in Canada alone, according to Sony BMG. Since they own a number of CD label brands, the CD may not even say Sony on the cover - some Epic and Columbia CDs are affected too.

Be warned!

Sony BMG are supposed to be organising a recall of the spyware CDs, but for some of you it may already be too late.

What can you do? I'll add a few links later (you can Google for Sony rootkit). For now, be careful what you buy people for Christmas. And be careful what you listen to on your PC. And for goodness sake, disable autorun.

Check the Electronic Frontier Foundation's page here for more information.