The Stinx-E trojan appears to have been deliberately spammed out to email addresses, posing as a message from a British business magazine. When run it copies itself to a file called $sys$drv.exe. Any file with $sys$ in its name is automatically cloaked by Sony's copy-protection code, making it invisible on computers which have used CDs carrying Sony's copy protection application.
As reported in SC Magazine, security companies have begun to classify the DRM code as spyware.
"Despite its good intentions in stopping music piracy, Sony's DRM copy protection has opened up a vulnerability that hackers and virus writers are now exploiting," said Graham Cluley, senior technology consultant for Sophos.
"We wouldn't be surprised if more malware authors try and take advantage of this security hole, and consumers and businesses alike should protect themselves at the earliest opportunity."
Cluley advised companies to adopt an email gateway policy to protect against new email threats before antivirus updates are available.
