Sony has said it will suspend the production of music CDs with anti-piracy technology which can leave computers vulnerable to viruses.
The move came after security firms said hackers were exploiting the software to hide their creations.
The software has been used by viruses to evade detection by anti-virus programs and infect computers.
Sony said it had a right to stop people illegally copying music, but added that the halt was precautionary.
“We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use,” the company said in a statement.
In late October Sony BMG was found to be using stealth techniques to hide software that stopped some of its CDs being illegally copied.
Windows programming expert Mark Russinovich discovered that the Sony XCP copy protection system was a so-called “root-kit” that hid itself deep inside the Windows operating system.
XCP uses these techniques to install a proprietary media player that allows PC users to play music on the 20 CDs Sony BMG is protecting with this system. The CDs affected are only being sold in the US.
Soon after Mr Russinovich exposed how XCP worked security experts speculated that it would be easy to hijack the anti-piracy system to hide viruses.
Now anti-virus companies have discovered three malicious programs that use XCP’s stealthy capabilities if they find it installed on a compromised PC.
Security firm Sophos said it had found a virus attached to a spam message posing as an e-mail from a British business magazine. The subject line of the message is: “Photo Approval Deadline”.
Those opening and running the program attached to the mail will have their computer infected with the Stinx-E trojan. The virus is also known as Breplibot and Ryknos.
Sony was trying to stop illegal copying of its CDs
This virus opens a backdoor into infected machines and tries to download more malicious code from the net to further compromise an infected machine.
A bug in the code of the first variant of this virus prevented it working properly but now other versions of the malicious program are appearing that fix this problem.
So far the numbers of people caught out by the virus is thought to be very low.
Graham Cluley from Sophos said he expected other virus writers to start exploiting the Sony XCP code.
Sony apologised, saying it was working with computer security firms to address the problems.
The news came as more legal challenges to Sony’s use of the anti-piracy program were being launched.
At last count six class-action lawsuits have been started against the company.
As the Boycott Sony blog pointed out, the appearance of these viruses could make it much easier for lawyers to argue that the XCP software can cause real harm to a user’s computer.