A coalition of plaintiffs reached a settlement with Sony BMG which began after Mark Russinovich discovered that Sony BMG had included digital rights management (DRM) with stealth technology into some of its music CDs. The DRM technology, which was the product of Sony BMG partners First4Internet and SunnComm, turns out to be the equivalent of a rootkit. The rootkit installed files on users' systems, which exposed their computers to potential attacks. The rootkit also reported computer use activity to Sony BMG without prior user consent.

According to Eletronic Frontier Foundation (EFF), who took part in the lawsuit, the settlement allows anyone who purchased the infected Sony BMG CDs to obtain the same music without the DRM software. Those who make a claim in the settlement can alternatively receive up to 3 album downloads or possibly a small cash settlement of $7.50.

Other parts of settlement force Sony BMG to stop manufacturing CDs with both First4Internet XCP and SunnComm MediaMax software. The settlement also nullifies several parts of related end user license agreement (EULA) agreements and requires that Sony BMG conduct detailed security review processes prior to including any DRM on future CDs. Sony BMG could also wind up paying over $2,300,000 to the plaintiffs' attorneys for fees and expenses.

"This settlement gets music fans what they thought they were buying in the first place: music that will play on all their electronic devices without installing sneaky software," said Electronic Frontier Foundation (EFF) Legal Director Cindy Cohn.

EFF published a lengthy list of affected music CDs, which include notable artists such as Bette Midler, Foo Fighters, Dave Mathews Band, and Alicia Keys. People who wish to submit a claim can visit the EFF Web site and view the complete list of settlement options at Sony BMG's related Web page.