Trojan Cloaks Itself Behind Sony DRM

Sony's digital rights management technology (DRM) caused an uproar due its ability to hide itself as well as its difficult removal process. Mark Russinovich first reported his discovery of Sony DRM on his own computer after purchasing a Sony BMG music CD, which required that people install Sony's music player in order to play the music on a computer. Russinovich outlined how the DRM was incredibly difficult to remove from the system. He also pointed out how if a layman tried to remove the DRM technology that doing so might actually render the system unusable.

One of the characteristics of Sony's DRM it that the associated drivers allow files to be hidden on the system using a particular naming convention, which the DRM then filters from view. In effect such hidden files won't be visibile until the drivers are removed from the system, and therein lies the rub. Trojan writers quickly picked up on this nuance and used the file cloaking functionality to hide their Trojans on people's systems, thus making detection and removal much more difficult. The good news is that such Trojans would only be a significant problem on systems that have Sony's DRM installed.

Many antivirus and antispyware solution makers have already implemented detection and removal technologies to guard against the Trojan. Some even consider Sony's DRM tecnhology to be a form of spyware. One solution maker, Sophos, has created a tool that removes Sony's DRM from the system.