A Trojan horse program has been discovered that hooks into Sony’s controversial DRM copy protection software to hide itself on any PC it infects.
The Troj/Stinx-E malware attacks PCs via email, with a message asking users to open an attached picture. Running the attachment causes a file to be copied to the hard disk using the same “$sys$” prefix used by Sony’s DRM program. Using that prefix hides the file on any system already loaded with Sony’s protection software.
The chance of infection for ordinary computer users is low, but the news is yet another embarrassing development to have come out of Sony’s clumsy use of digital rights management (DRM) software.
Almost two weeks ago, the company was found to have engineered its DRM software to protect a music CD from piracy using techniques more often associated with criminal spyware. Since then, public pressure has forced the company to make available a tool to uncloak and de-install its spyware-mimicking program, and the company has even had to face the threat of legal action in Italy over its behavior. Anti-virus vendors have produced special tools to deal with the software.
“Despite its good intentions in stopping music piracy, Sony’s DRM copy protection has opened up a vulnerability which hackers and virus writers are now exploiting,” said Graham Cluley of Sophos, which published details of the Troj/Stinx-E Trojan.
“We wouldn’t be surprised if more malware authors try and take advantage of this security hole, and consumers and businesses alike should protect themselves at the earliest opportunity,” he said.