First Trojan using Sony DRM spotted

Discussion in 'malware problems & news' started by StevieO, Nov 10, 2005.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Guest

    Oops, here we go, it's started already!


    Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs.

    The malware arrives attached in an email, which pretends to come from a reputable business magazine, asking the businessman to verify his/her "picture" to be used for the December issue. If the malicious payload contained in this email is executed then the Trojan installs an IRC backdoor on affected Windows systems.

    http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/


    StevieO
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Gee, what a surprise.. :rolleyes:
     
  3. realnoob

    realnoob Guest

    This makes spotting it easy, since most people don't have the rootkit. :))
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Hm, I dunno.. I think there's a lot of people listening to those CDs, and I'm sure most of them have a computer. It certainly does make it easier for us, though.

    Seems to me that Sony's investors need to be made aware of this ;)
     
  5. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    New backdoor program uses Sony rootkit

    Kaspersky Lab, a leading developer of secure content management solutions that protect against viruses, Trojans, worms, spyware, hacker attacks and spam, announces that a new backdoor program has been detected. This is the first malicious program to use Sony rootkit technology to hide its presence in the system.
    The media has already written extensively about how Sony BMG applied rootkit technology to hide and protect DRM components used to prevent disks from being copied. One highly unfortunate effect of Sony's decision to use this rootkit was the possibility that malicious programs might implement the same technology. Kaspersky Lab virus analysts can confirm that this has now happened.
    Today a backdoor program which utilizes the rootkit technology was detected. Kaspersky Lab classifies the program as Backdoor.Win32.Breplibot.b. The backdoor was mass mailed using spamming technologies, and attached to a message which uses classic social engineering techniques to entice the recipient into launching the attachment. The attachment allegedly contains a photograph. Once the user launches the attached file, the backdoor code will penetrate the victim machine.
    Breplibot.b is a file 10240 bytes in size, packed using UPX. When launching, the backdoor copies itself to the Windows system directory as $SYS$DRV.EXE. Using this name makes it possible for the Sony rootkit technology to be used to hide the activity of the malicious program. Of course, the backdoor's activity will only be hidden if DRM protection, as used on some Sony Audio CDs, functions on the victim machine.
    As usual, Kaspersky Lab warns users to be careful, and not to open email from unknown senders, or open attachments to suspicious messages.
    Kaspersky Anti-Virus databases have been updated to detect Backdoor.Win32.Breplibot.b. Further information about the backdoor is available in Analyst's Diary, the Kaspersky Virus Lab weblog.
    About Kaspersky Lab

    Kaspersky Lab (www.kaspersky.com) develops, produces and distributes secure content management solutions that protect customers from IT threats. Kaspersky Lab's products protect both home users and corporate networks from viruses, spyware, adware, Trojans, worms, hackers and spam. For many years now, the company has waged a battle against malicious programs, and in doing so has gained unique knowledge and skills that have resulted in Kaspersky Lab becoming a technology leader and acknowledged expert in the development of secure content management solutions. Today, Kaspersky Lab's products protect more than 200 million users worldwide and its technology is licensed by leading security vendors globally. To find out more about Kaspersky Lab, visit www.kaspersky.com.

    http://www.kaspersky.com/news?id=173737204
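    The hiding mechanism the press release describes, a file name beginning with "$sys$", is also what makes such a backdoor easy to find. As an added example that is not part of the original post, the Kaspersky write-up, or any Sony/First4Internet code, the following Python shows two checks built on that prefix: a plain scan for prefixed names (for a host where the cloaking driver is not loaded, so the file is simply visible) and a cross-view diff between a directory listing obtained through the hooked API and a raw listing (the usual rootkit-detection approach). Both listings are constructed sample data, the regex and function names are this example's own assumptions, and a real check would obtain the raw view from the disk or a clean boot rather than from a hard-coded list.

```python
import re

# XCP cloaks any file, process, registry key or service whose name starts with
# "$sys$" (case-insensitive). The prefix comes from the press release above;
# the regex and everything below are assumptions of this added example.
CLOAK_PREFIX = re.compile(r"^\$sys\$", re.IGNORECASE)


def is_cloaked_name(name: str) -> bool:
    """True if the XCP driver would hide an object with this name."""
    return CLOAK_PREFIX.match(name) is not None


def scan_visible(listing):
    """On a host where the cloak is not active, prefixed names are simply visible.
    Return the ones an ordinary directory listing already shows."""
    return sorted(n for n in listing if is_cloaked_name(n))


def cross_view_diff(api_view, raw_view):
    """Names returned by a raw (below-hook) enumeration but not by the hooked
    Win32 API. Comparison is case-insensitive, as NTFS names are."""
    seen = {n.lower() for n in api_view}
    return sorted(n for n in raw_view if n.lower() not in seen)


def classify_hidden(hidden):
    """Split cross-view hits into XCP-prefix cloaking and 'hidden by something
    else', so a non-prefixed hit is not mistaken for the Sony rootkit."""
    xcp = [n for n in hidden if is_cloaked_name(n)]
    other = [n for n in hidden if not is_cloaked_name(n)]
    return {"xcp_cloaked": xcp, "other_hidden": other}


# Constructed sample: two listings of the same system directory.
# "$SYS$DRV.EXE" is the name from the press release; "$sys$drmdriver.sys" is a
# hypothetical stand-in for the DRM's own cloaked driver; "hidden_by_other.dll"
# is a hypothetical file hidden by an unrelated hook.
RAW_VIEW = [
    "kernel32.dll",
    "ntdll.dll",
    "$sys$drmdriver.sys",
    "$SYS$DRV.EXE",
    "svchost.exe",
    "hidden_by_other.dll",
]
API_VIEW = ["kernel32.dll", "ntdll.dll", "svchost.exe"]


def demo():
    """Run both checks on the sample listings and return the classified result."""
    hidden = cross_view_diff(API_VIEW, RAW_VIEW)
    return classify_hidden(hidden)


if __name__ == "__main__":
    print("visible prefixed names:", scan_visible(RAW_VIEW))
    print("cross-view result:", demo())
```

    The cross-view diff is the half that matters on an infected host: the hooked API will not show "$SYS$DRV.EXE" at all, so a scan for the prefix through that API finds nothing, while any difference between the two views is worth investigating whatever the name looks like.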
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
  7. T772

    T772 Guest

    The Sony website attempts to install an ActiveX control which is generally considered a security problem. The process purporting to remove the XCP applications requires users to reveal their identity, their e-mail address, the albums and artists purchased and the place of purchase, and requires use of an ActiveX Control which sends out unknown data to First4Internet, the maker of rootkit and spyware products for Sony.

    I used to really like Sony Corp, TVs, films, PlayStation, but now I feel real anger that they did this, and they will most likely get away with it!!
     
  8. 0011

    0011 Guest

    I hope not.

    This might well be one of the first real face-offs between the webizens and an amoral, ruthless, profit-driven multinational, who nonetheless makes otherwise good products.

    Where is the equivalent of CLERP for this type of shenanigan?
    There is enough stirring on the web (a simple 'sony rootkit' Google search gets 7 million hits = multi-million reads) to cause real pain for Sony and a serious wake-up for the other conglomerates.

    Look at that new doco about Wal-Mart; seriously stirring the pot.
    http://www.usatoday.com/money/industries/retail/2005-10-26-wal-mart-film-usat_x.htm

    If we act together we can make a difference.

    This forum does!

    Regards
     