SonyBMG using virus tools for DRM

Apparently, research by F-Secure has shown that Sony BMG CDs come with an actual, honest-to-goodness virus installed. Some CDs they bought from Amazon.com installed a rootkit when inserted into Windows PCs – a tool more normally associated with being hit by a virus or a particularly nasty piece of spyware. Not a problem for the copyright cartel, apparently:

When you insert such a CD to a Windows-based PC, the record will display a license agreement and then it will seem to install a song player software – while it really installs a rootkit to the system. Once the rootkit is there, there’s no direct way to uninstall it. The system is implemented in a way that makes it possible for viruses (or any other malicious program) to use the rootkit to hide themselves too. This may lead to a situation where the virus remains undetected even if the user has got updated antivirus software installed.

[F-Secure blog]

You might not be familiar with what a rootkit is (hell, I wasn’t until the Security Now podcast devoted an episode or two to the subject):

A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. [...] A root kit is often used to hide utilities used to abuse a compromised system. These often include so called “backdoors” to help the attacker subsequently access the system more easily. For example, the root kit may hide an application that spawns a shell when the attacker connects to a particular network port on the system. Kernel rootkits may include similar functionality. A backdoor may also allow processes started by a non-privileged user to execute functions normally reserved for the superuser. All sorts of other tools useful for abuse can be hidden using rootkits. This includes tools for further attacks against computer systems the compromised system communicates with, such as sniffers and keyloggers. A common abuse is to use a compromised computer as a staging ground for further abuse. This is often done to make the abuse appear to originate from the compromised system or network instead of the attacker. Tools for this can include (D)DoS tools and tools to relay chat sessions, (spam) e-mail or attacks.

[Root kit – Wikipedia]

Says it all, really.

Update: No [other] viruses as yet, but according to The Register it is already being used by World of Warcraft cheats to disguise their various bots (perhaps it’ll teach Blizzard that spyware is not the answer).
