Wednesday, October 20, 2021

Trojan Exploits Sony’s DRM Flaw

The release of a Trojan horse that exploits Sony’s controversial copy

‘cloaking’ tool is raising fears among users and music lovers around the

globe.

The Tro/Stinx-E Trojan horse is being spammed out, attempting to take

advantage of a flaw in Sony’s Digital Rights Management (DRM) tools. The

DRM code is installed when a user plays one the music giant’s

copy-protected CDs in a computer. The tool hides itself on hard drives,

but it opens a backdoor on the computer, allowing malware to work its way

in.

The Stinx-E Trojan arrives as an attachment. If it is opened and run, the

Trojan copies itself onto a file called $sys$drv.exe, according to

analysts at Sophos, Inc., an anti-virus company with U.S. headquarters in

Lynnfield, Mass. Any file with $sys$ in its name is then automatically

hidden by Sony’s copy-protection code, making it invisible on computers

which have used CDs carrying Sony’s cloaking tool.

”I don’t think people at the moment are being infected,” says Graham

Cluley, senior technology consultant for Sophos. ”The fear is what other

malware could be written to exploit the vulnerability. It’s not a problem

you get from opening a dodgy email. You get it from listening to a Celine

Dion CD or Ricky Martin.”

The subject line on the spammed email is: Photo Approval Deadline.

While the Trojan, which was first spotted in the wild on Thursday

morning, didn’t work well, others followed it that worked better.

Sony’s use of the DRM tools has caused an uproar, setting blogs and chat

rooms ablaze with criticism. ”There’s outrage amongst people because

there’s software going around on CDs that make them vulnerable to future

attacks,” Cluley told eSecurityPlanet. ”I think it is opening a

security vulnerability on people’s computers. It’s not a good way to

fight music piracy. We want to keep artists in business. We like to think

that people’s artistic work would be protected but not at the cost of

making people insecure. The way they did this was inept.”

Sophos ran a poll on its Website, asking if Sony’s use of DRM coding is a

fair way to fight music piracy or is it posing a threat to users. As of

late Friday morning, Cluley says 98 percent of respondents said it is a

security threat.

According to figures at Sophos, about 20 different CDs have been

outfitted with DRM coding. Two million of them have been shipped —

mainly to the United States.

”It’s very trivial for the virus writers and hackers to take advantage

of this vulnerability,” adds Cluley. ”I think people will be nervous.

And I think the artists are getting hit too, because people aren’t buying

their CDs — not because of the music, but because of the software.”

Similar articles

Latest Articles