To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39154102,00.htm

New Trojan exploits Sony DRM anti-piracy tool
Are UK firms in danger?

By Dan Ilett

Published: Thursday 10 November 2005

Antivirus firms are reporting that masses of emails containing a Trojan that exploits Sony's digital rights management (DRM) program are circulating on the internet.

The Trojan, dubbed Stinx, has been mass-mailed to UK email addresses but is able to hide itself if a computer has Sony's controversial anti-piracy rootkit program installed, which is embedded on some CDs.

Graham Cluley, senior technology consultant for security firm Sophos, said: "By installing Sony's software it opens a vulnerability that hackers can exploit and in this case they have. From that point of view it is a bad thing regardless of the fact that it stops people stealing music."

Cluley said the spam seemed to be targeting UK businesses.

However, a spokesman from Sony said that European CDs have no copy protection software on them. He said: "I don't know how it would get onto UK computers. The only way it could happen is if you buy something from America. We are talking about a couple of copies in hundreds of thousands."

Earlier this month, security researcher Mark Russinovich told the BBC that Sony CDs are installing rootkits on PCs to stop people from copying music illegally. Rootkits are tools commonly used by hackers to embed malicious code into a computer.

Sophos is advising its customers to be cautious whether they have the Sony program installed or not, as Cluley said many people would not know if it's on their systems.

Once loose on a computer, the Trojan copies itself to a file called "$sys$drv.exe". Any file with a "$sys$" name cloaks itself using Sony's copy-protection code, thus making the malicious file invisible.