Sony is to stop making CDs that use specialist copy protection software after a hacker hid a virus in the software with the potential to cause havoc on users’ PCs.
The virus was found in Sony’s Extended Copy Protection program, used to protect its music from illegal copying.
The hacker mass-mailed a message with an attachment that installs malware when clicked. The malware was hidden inside Sony’s BMG software, which would have already been installed on a computer when consumers played one of Sony’s copy-protected music CDs.
The Stinx-E Trojan virus, emailed using the subject line ‘Photo approval’, installs malware when initiated, which tears down the computer’s firewall, giving hackers access to the machine.
Sony has now provided software to remove the cloaking element that enables the virus to hide inside a computer, but the software does not disable the copy protection itself. Sophos has also offered a tool to disable the copy protection software
In a bizarre spin-off from the incident, a class-action lawsuit was filed by users in
Despite the fuss, one thing remains clear. If users don’t click on an attachment from an unknown email, the malware can’t be installed. The advice is repeated over and over again, but too many still don’t get it.