The Trojan horse exploits a vulnerability
introduced by Sony's CD copy protection software.
Experts at SophosLabs™, Sophos's global
network of virus and spam analysis centers, have detected a new
Trojan horse that exploits the controversial
Sony DRM (Digital Rights Management) copy protection included on
some of the music giant's CDs.
The Troj/Stinx-E Trojan horse
appears to have been deliberately spammed out to email addresses,
posing as a message from a British business magazine.
Typical emails look as follows:
Subject: Photo Approval Deadline
Message body:
Hello,
Your photograph was forwarded to us as part of an article we
are publishing for our December edition of Total Business Monthly.
Can you check over the format and get back to us with your approval
or any changes? If the picture is not to your liking then please
send a preferred one. We have attached the photo with the article
here.
If the attached program is run, the Trojan horse copies itself
to a file called $sys$drv.exe. Any file with $sys$ in its name is
automatically cloaked by Sony BMG's copy-protection code, making it
invisible on computers which have used CDs carrying Sony's copy
protection.
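A way to check a machine for files hidden by this cloak, shown as an added example that is not part of the Sophos announcement or its tool: compare a file listing taken inside the running system with a listing of the same disk taken from a trusted view. It assumes the trusted listing comes from the disk mounted read-only on another machine; the function name, verdict labels and sample paths are constructed for illustration.

```python
from ntpath import basename, normcase

# Name fragment that, per the announcement, Sony's code cloaks.
# Matched case-insensitively here (an assumption of this example).
MARKER = "$sys$"


def classify(live_listing, offline_listing):
    """Compare two file listings of the same volume.

    live_listing:    paths enumerated from inside the running OS
    offline_listing: paths enumerated from a trusted view (assumed: the
                     disk mounted read-only on another machine)
    Returns {normalized_path: verdict} for every path worth reviewing.
    """
    live = {normcase(p) for p in live_listing}
    findings = {}
    for path in offline_listing:
        key = normcase(path)              # Windows paths: ignore case and slash style
        marked = MARKER in basename(key)
        hidden = key not in live
        if hidden and marked:
            findings[key] = "cloaked"         # hidden and carries the marker
        elif marked:
            findings[key] = "marker-visible"  # marker present, cloak not active here
        elif hidden:
            findings[key] = "hidden-other"    # hidden for a different reason
    return dict(sorted(findings.items()))


# Constructed sample listings (not taken from a real machine).
OFFLINE = [
    r"C:\Sample\notes.txt",
    r"C:\Sample\$sys$drv.exe",
    r"C:\Sample\pagecache.tmp",
]
LIVE = [r"C:\Sample\notes.txt"]

if __name__ == "__main__":
    for path, verdict in classify(LIVE, OFFLINE).items():
        print(f"{verdict:15} {path}")
```

A "hidden-other" result can also be a file created or deleted between the two listings, so it needs a second look before it is treated as hostile.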
"Despite its good intentions in stopping music piracy, Sony's
DRM copy protection has opened up a vulnerability which hackers and
virus writers are now exploiting," said Graham Cluley, senior
technology consultant for Sophos. "We wouldn't be surprised if more
malware authors try and take advantage of this security hole, and
consumers and businesses alike would be sensible to protect
themselves at the earliest opportunity."
Detect and disable "cloaking flaw" in Sony's DRM
copy-protection
Sophos has issued a tool which will detect the existence of
Sony's DRM copy-protection on Windows computers, disable its
"cloaking" function, and prevent that functionality from
re-installing. The tool also detects versions of the Troj/Stinx
Trojan horse which exploit the Sony vulnerability.
"Sophos is acting on customers' concern that the software on
Sony's CDs is introducing a vulnerability which hackers and virus
writers are able to exploit," explained Cluley. "We will give
customers the ability to determine if their computers suffer from
the vulnerability and remove it if necessary."
Sophos recommends that businesses ensure their computers are
kept automatically up-to-date with the very latest anti-virus software.