Friday, November 11, 2005

Computer worm exploits software on Sony's CDs

People who bought music CDs from Sony BMG Music Entertainment may have
exposed themselves to a dangerous new computer worm.

Sign up for: Globe Headlines e-mail Breaking News Alerts Symantec
Corp., the leading maker of antivirus software, said the worm has
infected computers that played Sony BMG recordings. Two other
antivirus firms, BitDefender Labs and Sophos PLC, also issued warnings
yesterday.

The Sony BMG disks install software that is supposed to prevent the
user from making illicit copies of the music and distributing them
over the Internet. But the anticopying software conceals itself so
that the computer user can't easily remove it.
Now someone has written a ''Trojan horse" program that exploits this
feature of the Sony BMG software. The program, which is spread through
spam e-mails, uses the Sony BMG code to hide itself. Then the Trojan
horse uses the Internet to contact its creators for further
instructions.

''By enabling an infected machine to be remotely controlled, this
threat opens up the user's identity and computer for potentially
malicious purposes," said Vincent Weafer, senior director of Symantec
Security Response.

Attackers could, for example, order the Trojan horse to copy and
transmit personal information. Or they could make the computer send
spam messages to other Internet computers, or launch ''denial of
service" attacks that could put major Internet services out of
commission. Criminals have launched such attacks against businesses,
demanding protection money.

Symantec Corp. said it has received three reports of machines infected
by the worm. The company does not expect it to spread rapidly. Sony
officials say that only about 20 of the company's CDs contain the
software. Sony has also issued a downloadable patch that is supposed
to stop the security software from concealing itself, or any other
programs.

Symantec and other antivirus companies are preparing software that
will clean up both the Sony BMG program and the Trojan horse software
that exploits it.

Sony has faced intense criticism from computer security experts and
consumers for adding the software to popular music titles in an effort
to prevent illegal duplication of copyrighted songs. The company's
critics say the anticopying program is also spyware.

www.boston.com

1 comment:

Anonymous said...

Hey Fellow, you have a top-notch blog here!
If you have a moment, please have a look at my video games online site.
Good luck!