Viruses use Sony anti-piracy CDs


Inactive User
May 24, 2005
Reaction score
Down Here
Viruses use Sony anti-piracy CDs

Virus writers are exploiting Sony's controversial anti-piracy software to hide their malicious creations.

In late October Sony was found to be using stealth techniques to hide software that stopped some of its CDs being illegally copied.

Now three virus variants have been found that use the Sony software to evade detection by anti-virus programs.

Sony has apologised, saying it is working with computer security firms to address the problems.

Viral trio

The stealthy methods that Sony BMG used to protect its anti-piracy system were uncovered by Windows programming expert Mark Russinovich on 31 October.

This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse
Graham Cluley, Sophos

He discovered that the Sony XCP copy protection system is a so-called "root-kit" that hides itself deep inside the Windows operating system.

XCP uses these techniques to install a proprietary media player that allows PC users to play music on the 20 CDs Sony BMG is protecting with this system. The CDs affected are only being sold in the US.

Soon after Mr Russinovich exposed how XCP worked security experts speculated that it would be easy to hijack the anti-piracy system to hide viruses.

Now anti-virus companies have discovered three malicious programs that use XCP's stealthy capabilities if they find it installed on a compromised PC.

"The development we feared most from Sony's inclusion of rootkit technology to conceal its DRM software was its use to conceal malicious code," said David Emm from security firm Kaspersky Labs.

"Unfortunately, it seems our fears were well-grounded."

Backdoor virus

Security firm Sophos said it had found a virus attached to a spam message posing as an e-mail from a British business magazine. The subject line of the message is: "Photo Approval Deadline".

Those opening and running the program attached to the mail will have their computer infected with the Stinx-E trojan. The virus is also known as Breplibot and Ryknos.

This virus opens a backdoor into infected machines and tries to download more malicious code from the net to further compromise an infected machine.

A bug in the code of the first variant of this virus prevented it working properly but now other versions of the malicious program are appearing that fix this problem.

So far the numbers of people caught out by the virus is thought to be very low.

"This leaves Sony in a real tangle," said Graham Cluley from security firm Sophos.

"It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse."

Mr Cluley said he expected other virus writers to start exploiting the Sony XCP code.

In response to the concerns, Sony has released a statement "deeply regretting any disruption that this may have caused." It added that it would work with anti-virus firms to ensure its anti-piracy system stayed safe.

As the new about the viruses was breaking, more legal challenges to Sony's use of the anti-piracy program were being launched.
At last count six class-action lawsuits have been started against the company.
As the Boycott Sony blog pointed out, the appearance of these viruses could make it much easier for lawyers to argue that the XCP software can cause real harm to a user's computer.

Story from BBC NEWS:
Published: 2005/11/11 11:11:05 GMT