Ed Felten at Princeton has posted an startling review of a copy-protection scheme called XPC2, currently being used on some Sony BMG albums. The program buries deep in the PC after it auto-installs upon insertion of the CD. Maliciously, XPC2 hides its own presence so it cannot be easily uninstalled, even by system administrators. More diabolically, the program hides other programs with certain character strings in their names. Malware creators can leverage this loophole to embed invisible spyware in a computer. Felten notes that the types of programs that hide from system administrators are typically spyware and viruses.
In case you haven’t already disabled Autorun, now might be a good time.