Experts at anti-virus vendor Sophos's global network of virus and spam analysis centres, have detected a new Trojan horse that exploits the Sony DRM (Digital Rights Management) copy protection included on some of the music giant's CDs.

According to Sophos, the Troj/Stinx-E Trojan horse appears to have been deliberately spammed out to email addresses, posing as a message from a UK business magazine with the subject "Photo Approval Deadline".
 
If the attached program is run, the Trojan horse copies itself to a file called $sys$drv.exe. Any file with $sys$ in its name is automatically "cloaked" by Sony's copy-protection software - a step which is supposed to protect the copy protection components themselves, but has much more serious consequences.
 
"If you listen to a protected CD after being hit by the Trojan, the CD automatically installs the copy protection and makes the Trojan drop out of sight," says Paul Ducklin," Sophos's head of technology for Asia Pacific. "On the other hand, if you run the Trojan after you have listened to a protected CD, the copy protection software actually gets in the way of the Trojan, which doesn't work, though this happens by accident rather than by design. So, ironically, if you listen first,
Sony will protect you from the Trojan, but if you listen second, Sony will protect the Trojan from you."
 
Ducklin, who has over 15 years' experience in the highly technical anti-virus field, says that writing effective low-level security software is not for the faint-hearted, precisely because techniques which seem strong on paper may turn out to be weak - or worse - in the real world.
 
"Security systems can be a double-edged sword, as you will be well aware if you have ever locked yourself out of your car," Ducklin says.