Sony Rootkit Morphs into MalWare (litigation to follow)

November 10, 2005 2:23pm by Barry Ritholtz

Don’t say Sony wasn’t warned:

The DRM Rootkit (we first discussed it here, and it was widely analyzed here) has now been exploited by malicious virus writers:

Here’s what The Register had to say:

Virus writers have begun taking advantage of Sony-BMG’s use of rootkit technology in DRM software bundled with its music CDs.

Sony-BMG’s rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory.

"This means, that for systems infected by the Sony DRM rootkit technology, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit," warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro

The malware arrives attached in an email, which pretends to come from a reputable business magazine, asking the businessman to verify his/her "picture" to be used for the December issue. If the malicious payload contained in this email is executed then the Trojan installs an IRC backdoor on affected Windows systems.

Romanian anti-virus firm BitDefender confirms that the malware is in the wild but a full technical analysis of the Trojan is yet to be completed. The response of anti-virus firms, some of which have only promised to flag up rather than block system changes made by Sony-BMG’s rootkit, remains unclear.

Let the class action Litigation begin!
(hey, might this be a violation of the DMCA?)

Source:
First Trojan using Sony DRM spotted
John Leyden
The Register, Thursday 10th November 2005 13:25 GMT
http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/

This content, which contains security-related opinions and/or information, is provided for informational purposes only and should not be relied upon in any manner as professional advice, or an endorsement of any practices, products or services. There can be no guarantees or assurances that the views expressed here will be applicable for any particular facts or circumstances, and should not be relied upon in any manner. You should consult your own advisers as to legal, business, tax, and other related matters concerning any investment. The commentary in this “post” (including any related blog, podcasts, videos, and social media) reflects the personal opinions, viewpoints, and analyses of the Ritholtz Wealth Management employees providing such comments, and should not be regarded the views of Ritholtz Wealth Management LLC. or its respective affiliates or as a description of advisory services provided by Ritholtz Wealth Management or performance returns of any Ritholtz Wealth Management Investments client. References to any securities or digital assets, or performance data, are for illustrative purposes only and do not constitute an investment recommendation or offer to provide investment advisory services. Charts and graphs provided within are for informational purposes solely and should not be relied upon when making any investment decision. Past performance is not indicative of future results. The content speaks only as of the date indicated. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in these materials are subject to change without notice and may differ or be contrary to opinions expressed by others. The Compound Media, Inc., an affiliate of Ritholtz Wealth Management, receives payment from various entities for advertisements in affiliated podcasts, blogs and emails. Inclusion of such advertisements does not constitute or imply endorsement, sponsorship or recommendation thereof, or any affiliation therewith, by the Content Creator or by Ritholtz Wealth Management or any of its employees. Investments in securities involve the risk of loss. For additional advertisement disclaimers see here: https://www.ritholtzwealth.com/advertising-disclaimers Please see disclosures here: https://ritholtzwealth.com/blog-disclosures/

twitter

facebook

What's been said:

Discussions found on the web:

whatbird commented on Nov 10

The Big Picture: Sony Rootkit Morphs into MalWare (litigation to follow)

Link: The Big Picture: Sony Rootkit Morphs into MalWare (litigation to follow). When Sony developed the Beta technology, it was the best…hands down. They even licensed a few other companies to sell it as well. Then they cancelled/non-renewed those ag…
Dean commented on Nov 11

Sony backs down:

http://apnews.myway.com//article/20051112/D8DQJN3G2.html
Nick commented on May 5

BitDefender detected the SONY without signatures.
join the forum: http://www.BDforum.at.tt

Posted Under

Intellectual Property

Foreign Skyscraper Purchases

Do Markets Care About Politics?

What's been said:

Posted Under

Sign Up for My Newsletter