Interesting People mailing list archives
more on Sony Rootkit Morphs into MalWare (litigation to follow)
From: "David Farber" <dave () farber net>
Date: Thu, 10 Nov 2005 15:29:41 -0600
_______________ Forward Header _______________
Subject: Sony Rootkit Morphs into MalWare (litigation to follow)
Author: Barry Ritholtz <britholtz () maximgrp com>
Date: 10th November 2005 2:37:20 pm

Hey Dave,

At least no one can say Sony wasn't warned:

The widely DRM Rootkit has now been exploited by malicious virus writers:

Here's what The Register had to say:

Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs.

Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory.

"This means, that for systems infected by the Sony DRM rootkit technology, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit," warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro.

The malware arrives attached in an email, which pretends to come from a reputable business magazine, asking the businessman to verify his/her "picture" to be used for the December issue. If the malicious payload contained in this email is executed then the Trojan installs an IRC backdoor on affected Windows systems.

Romanian anti-virus firm BitDefender confirms that the malware is in the wild but a full technical analysis of the Trojan is yet to be completed. The response of anti-virus firms, some of which have only promised to flag up rather than block system changes made by Sony-BMG's rootkit, remains unclear.

First Trojan using Sony DRM spotted
http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/

Let the class action Litigation begin!

Barry L. Ritholtz
Chief Market Strategist
Maxim Group
405 Lexington Avenue, New York, NY 10174
(212) 895-3614
(800) 724-0761

The Big Picture: Macro perspectives on the Capital Markets, Economy, and Geopolitics
http://bigpicture.typepad.com/comments
Archives at: http://www.interesting-people.org/archives/interesting-people/
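Added example, not part of the original message or the quoted article: the cross-view comparison that rootkit scanners rely on, reduced to two file listings. It diffs what the running system reports against a listing of the same volume taken from a clean boot or raw disk parse, and separates entries that carry the "$sys$" prefix from gaps with no such explanation. Both listings, the "$SYS$example" directory and the function names are constructed for illustration; matching the prefix case-insensitively is an assumption made because Windows file names are case-insensitive.

```python
"""Cross-view check for files cloaked by a name-prefix filter (constructed data)."""
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # prefix the quoted article says the DRM rootkit masks

# Constructed sample: what the running system's file APIs report.
LIVE_VIEW = r"""
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\drivers\tcpip.sys
"""

# Constructed sample: the same volume listed from a clean boot or raw disk parse.
OFFLINE_VIEW = r"""
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\$sys$drv.exe
C:\WINDOWS\system32\$SYS$example\placeholder.sys
C:\WINDOWS\system32\drivers\tcpip.sys
C:\WINDOWS\Temp\scratch.tmp
"""


def parse_listing(text):
    """Map case-folded path -> original spelling, skipping blank lines."""
    paths = (line.strip() for line in text.splitlines())
    return {p.casefold(): p for p in paths if p}


def uses_cloak_prefix(path):
    """True if any directory or file component starts with the cloaked prefix."""
    parts = PureWindowsPath(path).parts[1:]  # skip the drive/root anchor
    return any(part.casefold().startswith(CLOAK_PREFIX) for part in parts)


def cross_view(live_text, offline_text):
    """Return (path, reason) for every entry the live view fails to report."""
    live, offline = parse_listing(live_text), parse_listing(offline_text)
    findings = []
    for key in sorted(offline.keys() - live.keys()):
        path = offline[key]
        # A prefix match explains the gap; anything else needs a closer look
        # (it may simply be a file removed between the two snapshots).
        reason = "cloaked-prefix" if uses_cloak_prefix(path) else "unexplained-gap"
        findings.append((path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in cross_view(LIVE_VIEW, OFFLINE_VIEW):
        print(f"{reason:16} {path}")
```

The offline listing has to come from outside the possibly infected system, since a listing taken through the same file APIs would be filtered the same way.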