BQuick
join:2003-11-05
Italy
| Re: First Virus found that uses Sony Rootkit... And same news from Kaspersky Newsletter:
1. New backdoor program uses Sony rootkit
Kaspersky Lab, a leading developer of secure content management
solutions that protect against viruses, Trojans, worms, spyware, hacker
attacks and spam announces that a new backdoor program has been
detected. This is the first malicious program to use Sony rootkit
technology to hide its presence in the system.
The media has already written extensively about how Sony BMG applied
rootkit technology to hide and protect DRM components used to prevent
disks from being copied. One highly unfortunate effect of Sony's
decision to use this rootkit was the possibility that malicious programs
might implement the same technology. Kaspersky Lab virus analysts can
confirm that this has now happened.
Today a backdoor program which utilizes the rootkit technology was
detected. Kaspersky Lab classifies the program as
Backdoor.Win32.Breplibot.b. The backdoor was mass mailed using spamming
technologies, and attached to a message which uses classic social
engineering techniques to entice the recipient into launching the
attachment. The attachment allegedly contains a photograph. Once the
user launches the attached file, the backdoor code will penetrate the
victim machine.
Breplibot.b is a file 10240 bytes in size, packed using UPX. When
launching, the backdoor copies itself to the Windows system directory as
$SYS$DRV.EXE. Using this name makes it possible for the Sony rootkit
technology to be used to hide the activity of the malicious program. Of
course, the backdoor's activity will only be hidden if DRM protection,
as used on some Sony Audio CDs, functions on the victim machine.
As usual, Kaspersky Lab warns users to be careful, and not to open email
from unknown senders, or open attachments to suspicious messages.
------------
Great job Sony!Thank you! |
