• news
  • FRIDAY NOVEMBER 11 2005 12:00 PM

Sony DRM used to deliver virus

Submitted by aegies

Edited by WilWheaton

Most of us knew it was only a matter of time til it happened; I just don't know that any of us thought it would happen quite this soon. Sony BMG's recent DRM addition to their new CDs uses a hacker rootkit to hide its files from detection. Now, as predicted recently when the nature of the Sony DRM scheme was revealed, the software that started with virus and hacker methodology has come full circle: a virus has been created that uses the DRM rootkit as an infection vector:

A computer security firm said Thursday it had discovered the first virus that uses music publisher Sony BMG's controversial CD copy-protection software to hide on PCs and wreak havoc.

Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.

When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.

"This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse," said Sophos's Graham Cluley.

Later on Thursday, security software firm Symantec Corp. also discovered the first trojans to abuse the security flaw in Sony BMG's copy-protection software. A trojan is a program that appears desirable but actually contains something harmful.

Sony BMG's spokesman John McKay in New York was not immediately available to comment.

For a quite a while, trouble has been brewing over consumer's rights vs. DRM. Sony may have actually done all of us fair use proponents a huge unintentional favor.

SGNews reader Jake_Lex also submitted this story, with the following observation:

"Here's the worst part of all this to me: if you illegally downloaded any of those CD's with the DRM software off a P2P network, your computer is fine. If you bought it at the store and played by Sony's rules, your computer is infected with malware that is actively being used by some to spoil your system.

Nice job, Sony."

Nice job, indeed. -Ed.

  • PERMALINK
  • PRINT
  • Digg This
  • Email To A Friend
 
Comments
psychomike

psychomike

I'm lost
February 2003

NOV 11, 2005 12:41 PM

Nice job. What else is there to say?

Telltale

Telltale

USA
May 2004

NOV 11, 2005 01:08 PM

"Here's the worst part of all this to me: if you illegally downloaded any of those CD's with the DRM software off a P2P network, your computer is fine. If you bought it at the store and played by Sony's rules, your computer is infected with malware that is actively being used by some to spoil your system."

-Iiiiirony!

venomkid

venomkid

I'm lost
January 2003

NOV 11, 2005 01:49 PM

JayHawk said:
"Here's the worst part of all this to me: if you illegally downloaded any of those CD's with the DRM software off a P2P network, your computer is fine. If you bought it at the store and played by Sony's rules, your computer is infected with malware that is actively being used by some to spoil your system."

-Iiiiirony!



This is the core contradiction of DRM.

It only hurts the legitimate users.

galahad

galahad

Los Angeles, CA
November 2003

NOV 11, 2005 10:55 PM

Any of these schemes will fail when it comes to professional pirates.If hi fidelity content (audio or video) can be played on ordinary monitors (screen or audio amplifiers) it can be reencoded and re-distributed.This, even disregarding any possible fiddling with the digital signal. But legitimate useras will be inconvenienced no end, as well as perhaps a handful of hackers without the savvy or the patience to oveercome these hurdles.

featured interviews