People who bought music CDs from Sony BMG Music Entertainment may have exposed themselves to a dangerous new computer worm.
Symantec Corp., the leading maker of antivirus software, said the worm has infected computers that played Sony BMG recordings. Two other antivirus firms, BitDefender Labs and Sophos PLC, also issued warnings yesterday.
The Sony BMG disks install software that is supposed to prevent the user from making illicit copies of the music and distributing them over the Internet. But the anticopying software conceals itself so that the computer user can't easily remove it.
Now someone has written a "Trojan horse" program that exploits this feature of the Sony BMG software. The program, which is spread through spam e-mails, uses the Sony BMG code to hide itself. Then the Trojan horse uses the Internet to contact its creators for further instructions.
"By enabling an infected machine to be remotely controlled, this threat opens up the user's identity and computer for potentially malicious purposes," said Vincent Weafer, senior director of Symantec Security Response.
Attackers could, for example, order the Trojan horse to copy and transmit personal information. Or they could make the computer send spam messages to other Internet computers, or launch "denial of service" attacks that could put major Internet services out of commission. Criminals have launched such attacks against businesses, demanding protection money.
Symantec Corp. said it has received three reports of machines infected by the worm. The company does not expect it to spread rapidly. Sony officials say that only about 20 of the company's CDs contain the software. Sony has also issued a downloadable patch that is supposed to stop the security software from concealing itself, or any other programs.
Symantec and other antivirus companies are preparing software that will clean up both the Sony BMG program and the Trojan horse software that exploits it.
Sony has faced intense criticism from computer security experts and consumers for adding the software to popular music titles in an effort to prevent illegal duplication of copyrighted songs. The company's critics say the anticopying program is also spyware.
Hiawatha Bray can be reached at bray@globe.com.