The Tro/Stinx-E Trojan horse is being spammed out, attempting to take advantage of a flaw in Sony's Digital Rights Management (DRM) tools. The DRM code is installed when a user plays one the music giant's copy-protected CDs in a computer. The tool hides itself on hard drives, but it opens a backdoor on the computer, allowing malware to work its way in.
The Stinx-E Trojan arrives as an attachment. If it is opened and run, the Trojan copies itself onto a file called $sys$drv.exe, according to analysts at Sophos, Inc., an anti-virus company with U.S. headquarters in Lynnfield, Mass. Any file with $sys$ in its name is then automatically hidden by Sony's copy-protection code, making it invisible on computers which have used CDs carrying Sony's cloaking tool.
''I don't think people at the moment are being infected,'' says Graham Cluley, senior technology consultant for Sophos. ''The fear is what other malware could be written to exploit the vulnerability. It's not a problem you get from opening a dodgy email. You get it from listening to a Celine Dion CD or Ricky Martin.''
The subject line on the spammed email is: Photo Approval Deadline.
While the Trojan, which was first spotted in the wild on Thursday morning, didn't work well, others followed it that worked better.
Sony's use of the DRM tools has caused an uproar, setting blogs and chat rooms ablaze with criticism. ''There's outrage amongst people because there's software going around on CDs that make them vulnerable to future attacks,'' Cluley told eSecurityPlanet. ''I think it is opening a security vulnerability on people's computers. It's not a good way to fight music piracy. We want to keep artists in business. We like to think that people's artistic work would be protected but not at the cost of making people insecure. The way they did this was inept.''
Sophos ran a poll on its Website, asking if Sony's use of DRM coding is a fair way to fight music piracy or is it posing a threat to users. As of late Friday morning, Cluley says 98 percent of respondents said it is a security threat.
According to figures at Sophos, about 20 different CDs have been outfitted with DRM coding. Two million of them have been shipped -- mainly to the United States.
''It's very trivial for the virus writers and hackers to take advantage of this vulnerability,'' adds Cluley. ''I think people will be nervous. And I think the artists are getting hit too, because people aren't buying their CDs -- not because of the music, but because of the software.''