Hackers Use Sony Software to Hide Inside Personal Computers

AMSTERDAM (Nov. 10) - A computer security firm said Thursday it had discovered the first virus that uses music publisher Sony BMG`s controversial CD copy-protection software to hide on PCs and wreak havoc.

Under a subject line containing the words ``Photo approval,`` a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.

When recipients click on an attachment, they install malware, which may tear down a computer`s firewall and give hackers access to a PC. The malware hides by using Sony BMG software that is also hidden -- the software would have been installed on a computer when consumers played Sony`s copy-protected music CDs.

``This leaves Sony in a real tangle. It was already getting bad press about its copy-protection software, and this new hack exploit will make it even worse,`` said Sophos`s Graham Cluley.

Later on Thursday, security software firm Symantec Corp. also discovered the first trojans to abuse the security flaw in Sony BMG`s copy-protection software. A trojan is a program that appears desirable but actually contains something harmful.

Sony BMG`s spokesman John McKay in New York was not immediately available to comment.

The music publishing venture of Japanese electronics conglomerate Sony Corp. and Germany`s Bertelsmann AG is distributing the copy-protection software on a range of recent music compact disks (CDs) from artists such as Celine Dion and Sarah McLachlan.

When the CD is played on a Windows personal computer, the software first installs itself and then limits the usage rights of a consumer. It only allows playback with Sony software.

The software sparked a class action lawsuit against Sony in California last week, claiming that Sony has not informed consumers that it installs software directly into the ``roots`` of their computer systems with rootkit software, which cloaks all associated files and is dangerous to remove.

Sophos said it would have a tool to disable the copy protection software available later on Thursday.

Sony BMG made a patch available on its Web site on Tuesday that rids a PC from the ``cloaking`` element that is part of the copy-protection software, while claiming that ``the component is not malicious and does not compromise security.``

The patch does not disable the copy protection itself.

The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players.

11/10/05 15:14 ET