----- Original Message -----
From: "Parker" <parker@xxxxxxxxxxxxxxxxxxxxxx>
To: "Internet News" <inter@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, November 11, 2005 9:35 AM
Subject: Internet and Technology News Viruses use Sony anti-piracy CDs
BBC NEWS
Viruses use Sony anti-piracy CDs
Virus writers are exploiting Sony's controversial anti-piracy software to
hide their
malicious creations.
In late October Sony was found to be using stealth techniques to hide
software that
stopped some of its CDs being illegally copied.
Now three virus variants have been found that use the Sony software to evade
detection
by anti-virus programs.
Sony has apologised, saying it is working with computer security firms to
address
the problems.
Viral trio
The stealthy methods that Sony BMG used to protect its anti-piracy system
were uncovered
by Windows programming expert Mark Russinovich on 31 October.
This leaves Sony in a real tangle. It was already getting bad press about
its copy-protection
software, and this new hack exploit will make it even worse
Graham Cluley, Sophos
He discovered that the Sony XCP copy protection system is a so-called
"root-kit"
that hides itself deep inside the Windows operating system.
XCP uses these techniques to install a proprietary media player that allows
PC users
to play music on the 20 CDs Sony BMG is protecting with this system. The CDs
affected
are only being sold in the US.
Soon after Mr Russinovich exposed how XCP worked security experts speculated
that
it would be easy to hijack the anti-piracy system to hide viruses.
Now anti-virus companies have discovered three malicious programs that use
XCP's
stealthy capabilities if they find it installed on a compromised PC.
"The development we feared most from Sony's inclusion of rootkit technology
to conceal
its DRM software was its use to conceal malicious code," said David Emm from
security
firm Kaspersky Labs.
"Unfortunately, it seems our fears were well-grounded."
Backdoor virus
Security firm Sophos said it had found a virus attached to a spam message
posing
as an e-mail from a British business magazine. The subject line of the
message is:
"Photo Approval Deadline".
Those opening and running the program attached to the mail will have their
computer
infected with the Stinx-E trojan. The virus is also known as Breplibot and
Ryknos.
This virus opens a backdoor into infected machines and tries to download
more malicious
code from the net to further compromise an infected machine.
A bug in the code of the first variant of this virus prevented it working
properly
but now other versions of the malicious program are appearing that fix this
problem.
So far the numbers of people caught out by the virus is thought to be very
low.
"This leaves Sony in a real tangle," said Graham Cluley from security firm
Sophos.
"It was already getting bad press about its copy-protection software, and
this new
hack exploit will make it even worse."
Mr Cluley said he expected other virus writers to start exploiting the Sony
XCP code.
In response to the concerns, Sony has released a statement "deeply
regretting any
disruption that this may have caused." It added that it would work with
anti-virus
firms to ensure its anti-piracy system stayed safe.
As the news about the viruses was breaking, more legal challenges to Sony's
use of
the anti-piracy program were being launched.
At last count six class-action lawsuits have been started against the
company.
As the Boycott Sony blog pointed out, the appearance of these viruses could
make
it much easier for lawyers to argue that the XCP software can cause real
harm to
a user's computer.
Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/4427606.stm
Published: 2005/11/11 11:11:05 GMT
© BBC MMV
We supply this information as a service and do not endorse it or recommend any action being taken based upon it. Any decisions taken, by the subscriber, are entirely your own responsibility. This is an announce only list. All replies will go only to the list moderator. To unsubscribe from this list, press Enter on the link below. A pre-addressed message will pop up, simply send it. mailto:inter@xxxxxxxxxxxxxxxxxxxxxx?subject=unsubscribe If you wish to recommend this list to a friend, send the following link to them. mailto:inter@xxxxxxxxxxxxxxxxxxxxxx?subject=subscribe We hope that you're enjoying this list. www.accessible-devices.com
__________ NOD32 1.1283 (20051110) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
