SonyBMG’s Rootkit – Real World Story

I have written a few times about SonyBMG’s rootkit, originally intended to protect songs on their CDs. All my writing has been in the abstract, looking at the whole situation from afar.

Tonight I got this email, and the problem has come closer to home.


I have been reading your blog since you started it. Therefore I thought of you recently when my computer was harmed. I have been online for about 7 years and have had my current computer for 3 years. NO problems with virus’ etc. I have been very careful with my online activity.

Now comes the problem. I am a Neil Diamond fan (no laughing) for at least 30 years. Therefore my husband bought his latest CD “12 Songs” the minute it was released. Not his best but still a good thing after 4 years with no released CD’s. Unbeknown to us this CD was infected with XCP software. I played it in my computer and it disabled my CD and CDRW drives.

I contacted Dell techs (no help). I never mentioned the CD. Next step….I called our computer repair man. He spent two visits eliminating possible reasons for the unresponsive drives. I did tell him that the last CD in the drive was the ND/CD. No problems with my BIOS, drives, motherboard etc. So he determined it was my Windows OS that was corrupted.

Upon starting the repair disk it seemed to be working. NOT– it kept looping. At this point we wanted to return to the computer as it was. Again it wouldn’t allow this.

So Windows had to have a clean install. You know what that means!!!!

Lost all hard drive and software and everything that has been done on this computer for 3 years. Frustration. You bet. I am trying to restore my poor computer one step, one day at a time. What a lot of unnecessary work. I would have expected this from my online time NOT a CD. If I had ANY idea that this was possible I could have prevented this.

We still had no proof that the ND/CD was to blame. Then by chance my husband came across an announcement on the SONY/BMG site that explains the infected CD problem.

All the info is a day late and a dollar short for me and my computer.

All SONY wants to do is replace the CD.

Why has this problem not been more widely shared with the public? It is a huge problem. 52 artists have been affected. has pulled many many CD’s. This IS big news affecting a large part of the music listening population. However I found all of this out too late.

Do you think this is right? And where do you suggest I go from here?

Hope this isn’t too long and will be of some interest to you.

Thank you for any consideration.

Barbara (last name removed)

Seymour, CT

I told Barbara to write our state’s Attorney General. This is the kind of case he often takes.

Truthfully, I don’t know what Sony’s responsibility is, or if there is a responsibility. Obviously, there is real damage and real costs incurred by Barbara.

I don’t know how Sony will deal with it. So far, their position has slowly evolved as if it was being formulated based on response to their last action. I’m not sure there are provisions for the Barbaras of the world… or if there ever will be.

I wonder how Neil Diamond feels about all this?