Posted on 11/11/2005 10:12:11 AM PST by savedbygrace
10 November 2005
The Trojan horse exploits a vulnerability introduced by Sony's CD copy protection software. |
Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have detected a new Trojan horse that exploits the controversial Sony DRM (Digital Rights Management) copy protection included on some of the music giant's CDs.
The Troj/Stinx-E Trojan horse appears to have been deliberately spammed out to email addresses, posing as a message from a British business magazine.
Typical emails look as follows:
Subject: Photo Approval Deadline
Message body:
Hello,
Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We have attached the photo with the article here.
If the attached program is run, the Trojan horse copies itself to a file called $sys$drv.exe. Any file with $sys$ in its name is automatically cloaked by Sony's copy-protection code, making it invisible on computers which have used CDs carrying Sony's copy protection.
"Despite its good intentions in stopping music piracy, Sony's DRM copy protection has opened up a vulnerability which hackers and virus writers are now exploiting," said Graham Cluley, senior technology consultant for Sophos. "We wouldn't be surprised if more malware authors try and take advantage of this security hole, and consumers and businesses alike would be sensible to protect themselves at the earliest opportunity."
Have your say
Is Sony's DRM copy protection
a fair way to fight music pirates? a security threat?
|
Sophos has issued a tool which will detect the existence of Sony's DRM copy-protection on Windows computers, disable its "cloaking" function, and prevent that functionality from re-installing. The tool also detects versions of the Troj/Stinx Trojan horse which exploit the Sony vulnerability.
"Sophos is acting on customers' concern that the software on Sony's CDs is introducing a vulnerability which hackers and virus writers are able to exploit," explained Cluley. "We will give customers the ability to determine if their computers suffer from the vulnerability and remove it if necessary."
Sophos recommends that businesses ensure their computers are kept automatically up-to-date with the very latest anti-virus software.
Here's how you can protect yourself:
Step 1: Disable the preview pane in Outlook and/or Outlook Express.
Step 2: Don't use Outlook and/or Outlook Express.
That should cover all of the bases, but as a precaution I would recommend deleting spam without reading it. Your body parts are fine just like they are.
Your body parts are fine just like they are.Really? : )
That's just silly - Outlook and OE haven't autorun scripts or executables since Office 97.
Trojan.... protection.....
Maybe I am silly. In fact I'm pretty sure that I am, but my computers work.
That's exactly why I wave a dead chicken over my machines every morning - it may be silly, but my computers work ;)
I use live chickens. That's just a cultural difference and it doesn't mean that either of us is wrong. At least our computers work.
Fair enough :)
I thought you had to kill them and let the blood drain on the keyboard. I've been had.
You must go through a lot of keyboards. I just wait until they die and then pour a 40 ouncer over them...
LOL.
Confusing, ain't it?
How about just not buying any more Sony CDs with their attached malware. MS-hating twit.
I don't hate Microsoft and I'm not a twit, but you are very mean spirited. Fortunately I'm used to it. I get more hate mail before daylight than most people get all day long.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.