11-11-2005, 07:45 PM
(This post was last modified: 11-11-2005, 11:41 PM by Phantom_RAcast.)
Update
AMSTERDAM (Reuters) - A computer security firm said on Thursday it had discovered the first virus that uses music publisher Sony BMG's (6758.T) controversial CD copy-protection software to hide on PCs and wreak havoc.
ADVERTISEMENT
Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.
When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.
"This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse," said Sophos's Graham Cluley.
Later on Thursday, security software firm Symantec Corp. (Nasdaq: SYMC - news) also discovered the first trojans to abuse the security flaw in Sony BMG's copy-protection software. A trojan is a program that appears desirable but actually contains something harmful.
Sony BMG's spokesman John McKay in New York was not immediately available to comment.
The music publishing venture of Japanese electronics conglomerate Sony Corp. (6758.T) and Germany's Bertelsmann AG (BERT.UL) is distributing the copy-protection software on a range of recent music compact disks (CDs) from artists such as Celine Dion and Sarah McLachlan.
When the CD is played on a Windows personal computer, the software first installs itself and then limits the usage rights of a consumer. It only allows playback with Sony software.
The software sparked a class action lawsuit against Sony in California last week, claiming that Sony has not informed consumers that it installs software directly into the "roots" of their computer systems with rootkit software, which cloaks all associated files and is dangerous to remove.
Sophos said it would have a tool to disable the copy protection software available later on Thursday.
Sony BMG made a patch available on its Web site on Tuesday that rids a PC from the "cloaking" element that is part of the copy-protection software, while claiming that "the component is not malicious and does not compromise security."
The patch does not disable the copy protection itself.
The Sony copy-protection software does not install itself on
Macintosh computers or ordinary CD and DVD players.
http://news.yahoo.com/s/nm/20051110/tc_nm/sony_hack_dc
More
The decision by the music label comes after 10 days of controversy around the technology, which is designed to limit the number of copies that can be made of the CD and to prevent a computer user from making unprotected MP3s of the music.
Security experts blasted the technology because it uses "rootkit" techniques to hide itself on hard drives and could be used by virus writers to make their malicious code invisible. The first remote-control Trojan horses that took advantage of the cloak provided by Sony BMG surfaced this week.
"We are aware that a computer virus is circulating that may affect computers with XCP content protection software," the record label said in a statement Friday. "We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists. Nonetheless, as a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology."
Microsoft fine-tuning Internet ad push
Internet showdown in Tunis
OpenDocument gathers steam
Bad capacitors plague PCs
Delivering the Net with the gas
Previous Next
The company said it is not halting production of all discs that contain additional copy-protection technologies. It also uses antipiracy technology from SunnComm and will keep manufacturing CDs carrying that software, a Sony BMG representative said.
The XCP software, created by U.K.-based First 4 Internet, is included on a limited number of Sony BMG titles, including recent releases from My Morning Jacket and Southern rockers Van Zant. When the discs are played on a computer, the listener is asked to click through a consent form and install the copy-protection software.
In response to the firestorm of criticism around the copyright protection software, Sony BMG has also provided a patch to fix the security problem and still allow CDs to be played on computers. Some antivirus software also detects the Sony BMG tool and can help users protect their PCs.
http://news.com.com/2100-1029_3-5946825.html
AMSTERDAM (Reuters) - A computer security firm said on Thursday it had discovered the first virus that uses music publisher Sony BMG's (6758.T) controversial CD copy-protection software to hide on PCs and wreak havoc.
ADVERTISEMENT
Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.
When recipients click on an attachment, they install malware, which may tear down a computer's firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.
"This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse," said Sophos's Graham Cluley.
Later on Thursday, security software firm Symantec Corp. (Nasdaq: SYMC - news) also discovered the first trojans to abuse the security flaw in Sony BMG's copy-protection software. A trojan is a program that appears desirable but actually contains something harmful.
Sony BMG's spokesman John McKay in New York was not immediately available to comment.
The music publishing venture of Japanese electronics conglomerate Sony Corp. (6758.T) and Germany's Bertelsmann AG (BERT.UL) is distributing the copy-protection software on a range of recent music compact disks (CDs) from artists such as Celine Dion and Sarah McLachlan.
When the CD is played on a Windows personal computer, the software first installs itself and then limits the usage rights of a consumer. It only allows playback with Sony software.
The software sparked a class action lawsuit against Sony in California last week, claiming that Sony has not informed consumers that it installs software directly into the "roots" of their computer systems with rootkit software, which cloaks all associated files and is dangerous to remove.
Sophos said it would have a tool to disable the copy protection software available later on Thursday.
Sony BMG made a patch available on its Web site on Tuesday that rids a PC from the "cloaking" element that is part of the copy-protection software, while claiming that "the component is not malicious and does not compromise security."
The patch does not disable the copy protection itself.
The Sony copy-protection software does not install itself on
Macintosh computers or ordinary CD and DVD players.
http://news.yahoo.com/s/nm/20051110/tc_nm/sony_hack_dc
More
The decision by the music label comes after 10 days of controversy around the technology, which is designed to limit the number of copies that can be made of the CD and to prevent a computer user from making unprotected MP3s of the music.
Security experts blasted the technology because it uses "rootkit" techniques to hide itself on hard drives and could be used by virus writers to make their malicious code invisible. The first remote-control Trojan horses that took advantage of the cloak provided by Sony BMG surfaced this week.
"We are aware that a computer virus is circulating that may affect computers with XCP content protection software," the record label said in a statement Friday. "We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists. Nonetheless, as a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology."
Microsoft fine-tuning Internet ad push
Internet showdown in Tunis
OpenDocument gathers steam
Bad capacitors plague PCs
Delivering the Net with the gas
Previous Next
The company said it is not halting production of all discs that contain additional copy-protection technologies. It also uses antipiracy technology from SunnComm and will keep manufacturing CDs carrying that software, a Sony BMG representative said.
The XCP software, created by U.K.-based First 4 Internet, is included on a limited number of Sony BMG titles, including recent releases from My Morning Jacket and Southern rockers Van Zant. When the discs are played on a computer, the listener is asked to click through a consent form and install the copy-protection software.
In response to the firestorm of criticism around the copyright protection software, Sony BMG has also provided a patch to fix the security problem and still allow CDs to be played on computers. Some antivirus software also detects the Sony BMG tool and can help users protect their PCs.
http://news.com.com/2100-1029_3-5946825.html
"An eye for an eye makes whole world blind" - Gandhi
![[Image: 1142118JykvC.png]](http://armory.mmo-champion.com.nyud.net:8080/sig.php/1142118JykvC.png)