Second Sony rootkit settlement ups payout to $5.75M

IDG News Service - Sony BMG Music Entertainment's botched attempt to stop unauthorized music copying has cost the company another $4.25 million.

Two days after reaching settlements worth a combined total of $1.5 million with Texas and California, Sony on Thursday agreed to pay another 40 states the money to end investigations into its use of two copy protection programs: First 4 Internet Ltd.'s XCP (extended copy protection), and MediaMax, written by SunnComm International Inc.

In a statement, Sony said it was pleased with Thursday's settlements.

More than 12 million Sony BMG CDs shipped with this software last year, according to a statement from the Massachusetts Attorney General.

Sony's trouble began in late 2005, when a computer science researcher disclosed that XCP used dangerous "rootkit" techniques to cloak itself after installation.

Later, investigators found that even users who declined to install the MediaMax program would have software placed on their computers, and one version of the program created a security issue, the Massachusetts statement said.

Sony has reportedly also reached a tentative settlement with the U.S. Federal Trade Commission in the matter, although nothing relating to that investigation was announced Thursday. Sony settled a class-action lawsuit over the software in May.

As with the California and Texas agreements, residents of the 40 states that settled with Sony are entitled to up to $175 in refunds for damages that may have been caused to their computers. The settlements also limit the ways that Sony can use copy protection software in the future and require that the company notify consumers if it uses this kind of software.

A list of the states covered in Thursday's settlement can be found in the Massachusetts statement.

Sony has set up a Web site with information for consumers on the matter. It is expected to eventually include information on how to file a claim under these latest settlements.