 sharpy merc
join:2003-01-28 England | First Virus found that uses Sony Rootkit...
Well it's started.
»www.viruslist.com/en/weblog
When this story broke, they said months before this happened; what is it, 7-8 days? |
|
  Vvian Kalyss
join:2003-10-14 Stage 5.0 clubs:
| Much as I love watching Sony getting it, this doesn't seem like a good idea (for malware writers, that is) - the chances of infecting a machine already borged by Sony's kit isn't high.
Yet  -- Mikami Vvian, resident Girlfriend of Steel, care of the Tokyo-3 Middle Daughters Club |
|
 sharpy merc
join:2003-01-28 England 1 edit | reply to sharpy merc BUT if They do GET someone, what chance has the victim of finding this virus?
Pretty bloody slim. |
|
  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire
·BTOpenworld
| reply to sharpy merc So the general advice not to open .exe etc, should be amended to include not to run Sony disks 
Cudni -- ....nothing but a well informed optimist. Help yourself so God can help you |
|
 sharpy merc
join:2003-01-28 England 1 edit | reply to sharpy merc Considering the figures in this :
»news.bbc.co.uk/2/hi/technology/4378186.stm
A lot of people (22%) STILL open them. That's UK figures. |
|
  Diazruanova Premium join:2004-08-13 Mexico
| reply to sharpy merc I found this info too on BitDefender's site:
----------------------------------------
First Trojan Using Sony DRM Detected
DRM Abuse
A new trojan which uses the cover provided by the Sony DRM component to hide has been detected by BitDefender Labs at 12.15 PM GMT today. This is the first ever observed instance of malware using the Sony DRM rootkit detected and analysed by Mark Russinovich.
The trojan apparently installs an IRC backdoor on the affected system and may have other functions.
"We have been aware for some time that malware can be written which may exploit the Sony DRM component's hiding capabilities for its own good. Therefore, BitDefender software has been upgraded to include heuristic detection for all software trying to use this technique. The trojan is not very widely spread at this time, but its mere existence is a worrying confirmation of our concerns." declared Viorel Canja, Head of BitDefender Labs.
BitDefender users are protected against this new threat, since it is detected proactively and blocked. A signature update is also underway, to aid administrators in identifying the new threat. -- Diazruanova |
|
  Shriyash Sungazer Premium join:2005-02-23 PuNe, InDiA | reply to sharpy merc Sony, are you listening??  |
|
  Link Logger Premium,MVM join:2001-03-29 Calgary, AB
·Shaw
| reply to sharpy merc I can't believe that Sony was this far out of step with its consumer market and technology. What software product doesn't get analyzed up the whazoo anymore when it's released? Did they think that no one would notice, and second, did they think that no one would mind? I can only imagine the backlash this is going to have as consumer trust in Sony takes a hit.
Now of course I'm sure that others had similar products ready for release and now that Sony has taken a pounding over theirs I'm betting there are all sorts of companies racing back to the drawing boards.
Now that a Virus has been released that takes advantage of their product to further compromise a system, Sony's reputation will get thumped even further (think what the news headlines are going to read like), but it really makes me wonder just how insane Sony really is, I mean again you have to know that hackers are out there, and yes they would certainly love to take advantage of a preinstalled root kit on a large number of client systems, duh. I'm betting more than a couple heads are going to roll over this disaster and so they should.
Blake -- Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
  NyQuil Kid 8f The Nyquil Kid
join:2001-01-06 Brick, NJ
·Comcast
·Verizon Online DSL
| said by Link Logger: I can't believe that Sony was this far out of step with its consumer market and technology...
I can; usually it's the result of pressure from marketing people who haven't the faintest idea how a computer works.
[8F] The NyQuil Kid -- [8F] The NyQuil Kid comes into town not looking for trouble...n00bz gang up, but he ain't seein' double,...pulls and draws, his deagles two...n00bz litter the ground you know it's true. |
|
 aquias0
join:2005-09-05 Niagara Falls, NY
| I found this link highly interesting
»www.amazon.com/gp/product/custom···m02/ref=
It appears that consumers are really willing to "take the fight" to Sony on this one.
By the by, the link came from Alex Eck's Sunbelt blog (»sunbeltblog.blogspot.com/) |
|
  BQuick
join:2003-11-05 Italy
| reply to sharpy merc And same news from Kaspersky Newsletter:
1. New backdoor program uses Sony rootkit
Kaspersky Lab, a leading developer of secure content management solutions that protect against viruses, Trojans, worms, spyware, hacker attacks and spam announces that a new backdoor program has been detected. This is the first malicious program to use Sony rootkit technology to hide its presence in the system.
The media has already written extensively about how Sony BMG applied rootkit technology to hide and protect DRM components used to prevent disks from being copied. One highly unfortunate effect of Sony's decision to use this rootkit was the possibility that malicious programs might implement the same technology. Kaspersky Lab virus analysts can confirm that this has now happened.
Today a backdoor program which utilizes the rootkit technology was detected. Kaspersky Lab classifies the program as Backdoor.Win32.Breplibot.b. The backdoor was mass mailed using spamming technologies, and attached to a message which uses classic social engineering techniques to entice the recipient into launching the attachment. The attachment allegedly contains a photograph. Once the user launches the attached file, the backdoor code will penetrate the victim machine.
Breplibot.b is a file 10240 bytes in size, packed using UPX. When launching, the backdoor copies itself to the Windows system directory as $SYS$DRV.EXE. Using this name makes it possible for the Sony rootkit technology to be used to hide the activity of the malicious program. Of course, the backdoor's activity will only be hidden if DRM protection, as used on some Sony Audio CDs, functions on the victim machine.
As usual, Kaspersky Lab warns users to be careful, and not to open email from unknown senders, or open attachments to suspicious messages. ------------
Great job Sony! Thank you! |
|
  pcdebb I see you Premium join:2000-12-03 Tampa, FL clubs: 
| reply to aquias0 Wow, the reviews are literally pouring in on that one (and I imagine any other Sony CDs). I tell you, my trust in Sony anything has been weakened by this episode. -- babbling |
|
  Kayrac Premium join:2001-09-29 Rochester, NH
| reply to sharpy merc »securityresponse.symantec.com/av···nos.html
note it says this Creates the following registry subkey:
HKEY_CURRENT_USER\WkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj
adding the following value to it:
"$sys$drv" = "$sys$drv.exe"
Note: Due to bugs in the code, the Trojan attempts, but fails, to create a registry subkey under the following subkey:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Run
looks like it won't be spreading since it can't make itself run :P |
|
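Added example, not part of any post in this thread: an offline triage pass over exported registry rows that flags `$sys$`-prefixed names and checks whether an odd-looking subkey is an autorun path under a single-byte XOR. The function names and the second sample row are constructed for illustration; the first row uses the strings quoted in the post above, and run against it the check reports key 0x04.

```python
# Added example: triage of registry rows exported offline from a suspect hive
# (offline, because a cloaking driver filters what a live system reports).

HIDE_PREFIX = "$sys$"                 # prefix of the names quoted in the thread
RUN_SUFFIX = "\\currentversion\\run"  # tail of the usual per-user autorun key

def xor_decode(text, key):
    """XOR every character of text with a single-byte key."""
    return "".join(chr(ord(c) ^ key) for c in text)

def recover_run_path(subkey):
    """Try every non-zero single-byte XOR key. Return (key, plaintext) when
    the result is printable and ends like an autorun path, else None."""
    for key in range(1, 256):
        plain = xor_decode(subkey, key)
        if plain.isprintable() and plain.lower().endswith(RUN_SUFFIX):
            return key, plain
    return None

def triage(rows):
    """rows: (subkey, value_name, value_data) tuples from an offline export.
    Returns (subkey, reasons) for every row an analyst should look at."""
    findings = []
    for subkey, name, data in rows:
        reasons = []
        if name.lower().startswith(HIDE_PREFIX) or data.lower().startswith(HIDE_PREFIX):
            reasons.append("cloaked-prefix")
        hit = recover_run_path(subkey)
        if hit:
            reasons.append(f"xor-{hit[0]:#04x}-encoded:{hit[1]}")
        if reasons:
            findings.append((subkey, reasons))
    return findings

SAMPLE_ROWS = [  # constructed sample: row 1 from the post, row 2 a benign control
    ("WkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj", "$sys$drv", "$sys$drv.exe"),
    ("Software\\Microsoft\\Windows\\CurrentVersion\\Run", "ctfmon", "ctfmon.exe"),
]

if __name__ == "__main__":
    for subkey, reasons in triage(SAMPLE_ROWS):
        print(subkey, "->", reasons)
```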
  NyQuil Kid 8f The Nyquil Kid
join:2001-01-06 Brick, NJ
·Comcast
·Verizon Online DSL
| What I found interesting was how this variant (and presumably any future ones) attempts to add itself as a trusted application in the Windows Firewall list. Now while I have seen/heard of other viral infections disabling firewalls, I wonder if any other firewall product would be susceptible or at the very least transparent to this type of modification.
Wonder if Vista's firewall will be better, since it is supposed to monitor outgoing as well as incoming connections.
[8F] The NyQuil Kid -- [8F] The NyQuil Kid comes into town not looking for trouble...n00bz gang up, but he ain't seein' double,...pulls and draws, his deagles two...n00bz litter the ground you know it's true. |
|
  catseyenu Ack Pfft Premium join:2001-11-17 Fix East
| reply to Link Logger said by Link Logger: I can't believe that Sony was this far out of step with its consumer market and technology.
It's looking like Sony's been headed this direction since 2001.
»blogs.washingtonpost.com/securit···rne.html
quote: Sony's Attitude Has a History
Sony CEO Howard Stringer, who kept the audience laughing throughout the night with a battery of quips, said, "Right now it would be possible for us, and I've often thought it would cheer me up to do it, you could dispatch a virus to anybody whose files contain us or Columbia records"
-- Sometimes we look for straws to grab, sometimes we bend over and grab our ankles |
|
  s25
@216.94.x.x | reply to sharpy merc Would it be possible to get rid of this if you do a system restore in Windows XP?
Guess I'm out of luck if I'm on 98 but I won't be getting this, that's for sure. |
|
  NyQuil Kid 8f The Nyquil Kid
join:2001-01-06 Brick, NJ
·Comcast
·Verizon Online DSL
| Good question, and probably an affirmative on that. What would be of interest is whether Windows creates a restore point automatically before the DRM installation, or whether a user should manually create a restore point.
[8F] The NyQuil Kid -- [8F] The NyQuil Kid comes into town not looking for trouble...n00bz gang up, but he ain't seein' double,...pulls and draws, his deagles two...n00bz litter the ground you know it's true. |
|
  NoSony
@207.35.x.x | reply to s25 No word about any of this on CNN yet. Did a quick site search. Nothing. |
|
  mrchris We don't miss you Bush Premium join:2002-10-01 North Babylon, NY
·Optimum Online
1 edit | reply to s25 said by s25: Would it be possible to get rid of this if you do a system restore in Windows XP? Guess I'm out of luck if I'm on 98 but I won't be getting this, that's for sure.
It is possible, as one of the reviewers sysrestored a week old restore point or something.
Edit: »www.amazon.com/gp/product/custom···tart=101
Could the topmost reviewer on this page be our news guy?  |
|
  Babar Premium join:2001-05-09 Washington | reply to sharpy merc »www.boycottsony.us/ |
|