Sony DRM Rootkit - collected Wilders-threads

Discussion in 'malware problems & news' started by FanJ, Nov 13, 2005.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    I thought that it might be a good idea to give a list of all the threads here at the Wilders-board about the Sony DRM Rootkit.
    Name and link of the thread is given.

    To the Mods: I wasn't sure where to post this.
    To all: please feel free to add threads that I forgot to add.

    Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management...
    https://www.wilderssecurity.com/showthread.php?t=104457

    First Trojan using Sony DRM spotted
    https://www.wilderssecurity.com/showthread.php?t=105944

    SONY.....Need info on the "Legal" rootkit
    https://www.wilderssecurity.com/showthread.php?t=104827

    can ProcessGuard protect form sony rootkit? is there secreenshot?
    https://www.wilderssecurity.com/showthread.php?t=105890

    Will NOD32 protect against First-4 (Sony/BMG) Rootkit
    https://www.wilderssecurity.com/showthread.php?t=105097
    (thread is closed)

    Is NOD32 going to detect and stop this type of thing?
    https://www.wilderssecurity.com/showthread.php?t=104672

    SONY throws in the towel ... for now.
    https://www.wilderssecurity.com/showthread.php?t=106216&

    Panda: TruPrevent, Trojans, and Sony's anti-piracy system
    https://www.wilderssecurity.com/showthread.php?t=106170

    Norman SandBox with early detection of security risk created by DRM protected Sony
    https://www.wilderssecurity.com/showthread.php?t=105974

    MS Anti Spyware to wipe Sony Rootkit
    https://www.wilderssecurity.com/showthread.php?t=106421

    Will anti-rookit programs detect Sony rootkit?
    https://www.wilderssecurity.com/showthread.php?t=105494

    PestPatrol will detect and remove Sony's rootkit-enabled DRM software
    https://www.wilderssecurity.com/showthread.php?t=106454

    Is there any potential risks in Sony's BMG:s?
    https://www.wilderssecurity.com/showthread.php?t=105007
     
  2. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
  3. FanJ

    FanJ Guest

  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
  5. controler

    controler Guest

    I always thought the service should be stopped before deleting?

    net stop $sys$aries

    NO?

    controler
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Still learning them, but are not most rootkits drivers, and is not aries.sys a driver?
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Sony's 'Rootkit' Is on 500,000 Systems
    Story
     
  9. J at A

    J at A Guest

  10. FanJ

    FanJ Guest

    Last edited by a moderator: Nov 17, 2005
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Mark's Sysinternals Blog....Wednesday, November 16, 2005


     
  12. blackimp

    blackimp Registered Member

    Joined:
    Feb 27, 2004
    Posts:
    5
  13. FanJ

    FanJ Guest

  14. controler

    controler Guest

    Bubba and VXD's are drivers too LOL


    Bought a new Neil Diamond CD today with the rootkit on it at Best Buy ;)
     
  15. FanJ

    FanJ Guest

  16. controler

    controler Guest

    UnHackMe Pro

    Labeled as Hacker Defender

    1. Scan for viruses:

    C:\WINDOWS\CDProxeyServ.exe

    c:\WINDOWS\system\$sys$filesystem\$sys$DRMServer

    C:\WINDOWS\SYSTEM32\DRIVERS\$sys$COR.SYS

    2. Checkme Now;

    $sys$aires

    $sys$cor

    $sys$crater

    $sys$DRMServer

    $sys$lim

    $sys$oct

    Regrun reanimator shows the same VXD Driver with the $sys$ prefix.

    & Windows Core
     

  17. Yuppers

    Yuppers Guest

  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
  20. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
  21. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  22. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
  23. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    New Sony CD security risk found
    Story
     
  25. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780