This can be Sony's worst nightmare: first, Sony decided to distribute a rootkit in their music CDs, to be installed on your PC (without your knowledge), in order to hide its DRM software; second, Mark Russinovich discovered the existence of this rootkit and made it public, which made people start to scream at Sony; third, someone took advantage of the rootkit and wrote a trojan codenamed Stinx-E, able to hide from Windows, and so impossible to detect and clean; fourth, Sony decided to provide an uninstaller to allow people to erase the rootkit, but this uninstaller opened new security holes; and finally, it seems Sony used some LGPL code without delivering the source, thereby breaking copyright:
It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the license.
This software is licensed under the so-called Lesser GNU Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in-between form between source code and executable code, the so-called object files, with which others can make comparable software.
Sony complied with none of these demands, but delivered just an executable program. A computer expert, whose name is known by the redaction, discovered that the CD "Get Right With The Man" by "Van Zant" contains strings from the library version.c of LAME. This can be concluded from the strings: "http://www.mp3dev.org/", "0.90", "LAME3.95", "3.95", "3.95 ".
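The kind of string check the quoted article describes can be sketched in Python. This is an added example, not code from the article or from the researcher it cites. The marker strings are the ones quoted above; the strong/weak split, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Markers quoted in the article. The URL and "LAME3.95" are distinctive;
# bare version numbers are weak evidence (assumed split, not from the article).
STRONG = ("http://www.mp3dev.org/", "LAME3.95")
WEAK = ("3.95", "0.90")

def extract_strings(data: bytes, min_len: int = 4):
    """Yield (offset, text) for printable ASCII and UTF-16LE runs, like `strings`."""
    ascii_run = rb"[\x20-\x7e]{%d,}" % min_len
    wide_run = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len  # common in Windows binaries
    for m in re.finditer(ascii_run, data):
        yield m.start(), m.group().decode("ascii")
    for m in re.finditer(wide_run, data):
        yield m.start(), m.group().decode("utf-16-le")

def assess(data: bytes) -> dict:
    """Report which markers occur and whether a distinctive one is present."""
    found = {}
    for offset, text in extract_strings(data):
        for marker in STRONG + WEAK:
            if marker in text:
                # Offset of the containing string, for follow-up in a hex editor.
                found.setdefault(marker, []).append(offset)
    return {
        "strong": sorted(m for m in found if m in STRONG),
        "weak": sorted(m for m in found if m in WEAK),
        "offsets": found,
        # A string match is a lead for comparing code, not proof of copying.
        "likely_lame": any(m in found for m in STRONG),
    }

# Constructed samples (not bytes from the real CD software).
SAMPLE = (b"\x4d\x5a\x90\x00\x03\x00\x01\x02" + b"http://www.mp3dev.org/\x00"
          + b"\xff\xfe\x00" + b"LAME3.95\x00" + b"3.95 \x00" + b"0.90\x00\x01")
WIDE_SAMPLE = b"\x00\x01\x02" + "LAME3.95".encode("utf-16-le") + b"\x00\x00"
UNRELATED = b"\x00\x01player v3.95 build\x00\x02"

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("wide", WIDE_SAMPLE),
                       ("unrelated", UNRELATED)):
        r = assess(blob)
        print(name, r["likely_lame"], r["strong"], r["weak"])
```

The unrelated sample shows why a lone "3.95" is not enough: any program at that version number would match it.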