[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Saturday, 12 November 2005, 06:05 GMT
Sony stops making anti-piracy CDs
Natasha Bedingfield
The CDs affected in the US include Natasha Bedingfield's Unwritten
Sony has said it will suspend the production of music CDs with anti-piracy technology which can leave computers vulnerable to viruses.

The move came after security firms said hackers were exploiting the software to hide their creations.

The software has been used by viruses to evade detection by anti-virus programs and infect computers.

Sony said it had a right to stop people illegally copying music, but added that the halt was precautionary.

"We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.

Viral trio

In late October Sony BMG was found to be using stealth techniques to hide software that stopped some of its CDs being illegally copied.

Windows programming expert Mark Russinovich discovered that the Sony XCP copy protection system was a so-called "root-kit" that hid itself deep inside the Windows operating system.

XCP uses these techniques to install a proprietary media player that allows PC users to play music on the 20 CDs Sony BMG is protecting with this system. The CDs affected are only being sold in the US.

Soon after Mr Russinovich exposed how XCP worked security experts speculated that it would be easy to hijack the anti-piracy system to hide viruses.

Now anti-virus companies have discovered three malicious programs that use XCP's stealthy capabilities if they find it installed on a compromised PC.

Backdoor virus

Security firm Sophos said it had found a virus attached to a spam message posing as an e-mail from a British business magazine. The subject line of the message is: "Photo Approval Deadline".

Those opening and running the program attached to the mail will have their computer infected with the Stinx-E trojan. The virus is also known as Breplibot and Ryknos.

CD being put in PC, BBC
Sony was trying to stop illegal copying of its CDs
This virus opens a backdoor into infected machines and tries to download more malicious code from the net to further compromise an infected machine.

A bug in the code of the first variant of this virus prevented it working properly but now other versions of the malicious program are appearing that fix this problem.

So far the numbers of people caught out by the virus is thought to be very low.

Graham Cluley from Sophos said he expected other virus writers to start exploiting the Sony XCP code.

Sony apologised, saying it was working with computer security firms to address the problems.

The news came as more legal challenges to Sony's use of the anti-piracy program were being launched.

At last count, at least six class-action lawsuits have been started against the company.

As the Boycott Sony blog pointed out, the appearance of these viruses could make it much easier for lawyers to argue that the XCP software can cause real harm to a user's computer.

Viruses use Sony anti-piracy CDs
11 Nov 05 |  Technology
The rootkit of all evil?
04 Nov 05 |  Technology
Sony slated over anti-piracy CD
03 Nov 05 |  Technology
Sony sued over copy-protected CDs
10 Nov 05 |  Technology
Sony tries to patch up piracy row
07 Nov 05 |  Technology
Worm affects AOL instant messages
01 Nov 05 |  Technology
Mercy shown over hacker sentence
04 Nov 05 |  England

The BBC is not responsible for the content of external internet sites


Americas Africa Europe Middle East South Asia Asia Pacific