24 May 2006

Refunds for music fans hit by Sony DRM rootkit

98% of sysadmins said that Sony's copy-protection code posed a security threat.

A class action suit against Sony BMG has been granted final approval for a settlement by the federal court, allowing music fans to claim refunds and free music downloads. The case was brought against the music giant after it included potentially dangerous copy protection software on an estimated 15 million music CDs.

Sony's controversial digital rights management software, included on CDs from the likes of Neil Diamond, Alicia Keys and Dido, introduced a rootkit-style "cloaking" vulnerability onto PCs. The vulnerability was exploited by malware such as the Stinx-E Trojan horse in an attempt to evade detection by anti-virus software, leading to a public relations disaster for Sony.

A poll of more than 1500 business PC users, conducted by Sophos, revealed that 98% believed that Sony BMG's controversial digital rights management software was a security threat.

District Court Judge Naomi Reice Buchwald approved the settlement, which means that CD purchasers can apply for a $7.50 refund plus a free music download, or three album downloads, whichever they prefer.

"Despite its good intentions in stopping music piracy, Sony's DRM copy protection was inept in its implementation and caused the company a PR nightmare," said Graham Cluley, senior technology consultant for Sophos. "Other entertainment companies interested in protecting their music and movies from pirates will hopefully have learned not to borrow techniques from malicious hackers."

Sony has published information about the settlement, and details on how to claim, on the website The full list of CDs carrying the software can be found here.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at