Attached Link: http://www.sysinternals.com/Blog/

Yeah, but... When Sony BMG isn't including the XCP rootkit, they have been including MediaMax, which is also not secure. And it has been phoning home with your CD listening details since as early as 2003! (In fact any DRM is inherently insecure unless you implicitly trust the company managing it - and as Sony BMG seems to outsource this, all bets are off.) Also note that one of the uninstallers Sony BMG first delivered for XCP leaves your PC even more vunerable than living with XCP (installs a "safe for scripting" Active X control with no checks or balances on who runs it!!!). Numbers of PCs infected with XCP (derived from DNS call statistics) is close to 0.5M. This can't be from 52 CDs!?! So there seems to be another source. Downloading Sony BMG tracks??? The link has much of the details, inclduing manual steps to turn XCP off until Sony BG or your anti-spyware vendor finally responds to this 8-month old menace.