The release of a Trojan horse that exploits Sony’s controversial copy
‘cloaking’ tool is raising fears among users and music lovers around the
The Tro/Stinx-E Trojan horse is being spammed out, attempting to take
advantage of a flaw in Sony’s Digital Rights Management (DRM) tools. The
DRM code is installed when a user plays one the music giant’s
copy-protected CDs in a computer. The tool hides itself on hard drives,
but it opens a backdoor on the computer, allowing malware to work its way
The Stinx-E Trojan arrives as an attachment. If it is opened and run, the
Trojan copies itself onto a file called $sys$drv.exe, according to
analysts at Sophos, Inc., an anti-virus company with U.S. headquarters in
Lynnfield, Mass. Any file with $sys$ in its name is then automatically
hidden by Sony’s copy-protection code, making it invisible on computers
which have used CDs carrying Sony’s cloaking tool.
”I don’t think people at the moment are being infected,” says Graham
Cluley, senior technology consultant for Sophos. ”The fear is what other
malware could be written to exploit the vulnerability. It’s not a problem
you get from opening a dodgy email. You get it from listening to a Celine
Dion CD or Ricky Martin.”
The subject line on the spammed email is: Photo Approval Deadline.
While the Trojan, which was first spotted in the wild on Thursday
morning, didn’t work well, others followed it that worked better.
Sony’s use of the DRM tools has caused an uproar, setting blogs and chat
rooms ablaze with criticism. ”There’s outrage amongst people because
there’s software going around on CDs that make them vulnerable to future
attacks,” Cluley told eSecurityPlanet. ”I think it is opening a
security vulnerability on people’s computers. It’s not a good way to
fight music piracy. We want to keep artists in business. We like to think
that people’s artistic work would be protected but not at the cost of
making people insecure. The way they did this was inept.”
Sophos ran a poll on its Website, asking if Sony’s use of DRM coding is a
fair way to fight music piracy or is it posing a threat to users. As of
late Friday morning, Cluley says 98 percent of respondents said it is a
According to figures at Sophos, about 20 different CDs have been
outfitted with DRM coding. Two million of them have been shipped —
mainly to the United States.
”It’s very trivial for the virus writers and hackers to take advantage
of this vulnerability,” adds Cluley. ”I think people will be nervous.
And I think the artists are getting hit too, because people aren’t buying
their CDs — not because of the music, but because of the software.”