Interesting People mailing list archives

more on Sony Rootkit Morphs into MalWare (litigation to follow)


From: "David Farber" <dave () farber net>
Date: Thu, 10 Nov 2005 15:29:41 -0600



_______________ Forward Header _______________
Subject:        Sony Rootkit Morphs into MalWare (litigation to follow)
Author: Barry Ritholtz <britholtz () maximgrp com>
Date:           10th November 2005 2:37:20 pm

Hey Dave,

At least no one can say Sony wasn't warned: The widely DRM Rootkit has now been exploited by malicious virus writers:

Here's what The Register had to say:

    Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs.

    Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory.

    "This means, that for systems infected by the Sony DRM rootkit technology, the dropped file is entirely invisible to the user. It will not be found in any process and file listing. Only rootkit scanners, such as the free utility RootkitRevealer, can unmask the culprit," warns Ivan Macalintal, a senior threat analyst at security firm Trend Micro.

    The malware arrives attached in an email, which pretends to come from a reputable business magazine, asking the businessman to verify his/her "picture" to be used for the December issue. If the malicious payload contained in this email is executed then the Trojan installs an IRC backdoor on affected Windows systems.

    Romanian anti-virus firm BitDefender confirms that the malware is in the wild but a full technical analysis of the Trojan is yet to be completed. The response of anti-virus firms, some of which have only promised to flag up rather than block system changes made by Sony-BMG's rootkit, remains unclear.

First Trojan using Sony DRM spotted
http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/


Let the class action Litigation begin!






Barry L. Ritholtz
Chief Market Strategist
Maxim Group
405 Lexington Avenue,
New York, NY 10174 
(212) 895-3614
(800) 724-0761
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Big Picture: Macro perspectives on the Capital Markets, Economy, and Geopolitics  
http://bigpicture.typepad.com/comments
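
Added example (not part of the original message or The Register article): a cross-view check for the "$sys$" name-prefix cloaking described above. It compares a listing taken on the live system with a listing of the same directory taken from a trusted view and reports what the live view is missing. The function names, the sample listings, and the assumption that the trusted listing comes from reading the volume on a separate clean system are all illustrative.

```python
"""Cross-view check for files cloaked by a name-prefix filter such as "$sys$".

Both listings below are constructed sample data for one system directory.
"""
from typing import NamedTuple

CLOAK_PREFIX = "$sys$"  # prefix named in the quoted article


class Finding(NamedTuple):
    name: str
    hidden: bool        # present in the trusted view, absent from the live view
    cloak_prefix: bool  # file name starts with the cloaking prefix


def _norm(name):
    # Windows file names compare case-insensitively.
    return name.strip().casefold()


def cross_view(live_listing, trusted_listing, prefix=CLOAK_PREFIX):
    """Return entries that are hidden from the live view or carry the prefix.

    A prefixed file is reported even when it is visible, because it would
    become invisible as soon as a prefix-based cloak is active.
    """
    live = {_norm(n) for n in live_listing if n.strip()}
    wanted = prefix.casefold()
    findings, seen = [], set()
    for raw in trusted_listing:
        key = _norm(raw)
        if not key or key in seen:
            continue  # skip blank lines and duplicate entries
        seen.add(key)
        hidden = key not in live
        prefixed = key.startswith(wanted)
        if hidden or prefixed:
            findings.append(Finding(raw.strip(), hidden, prefixed))
    # Hidden and prefixed entries first, then by name.
    return sorted(findings,
                  key=lambda f: (not f.hidden, not f.cloak_prefix, _norm(f.name)))


# Constructed listings: what the live API returned vs. the trusted view.
LIVE_VIEW = ["kernel32.dll", "notepad.exe", "drivers"]
TRUSTED_VIEW = ["KERNEL32.DLL", "notepad.exe", "drivers", "$sys$drv.exe", "newfile.tmp"]

if __name__ == "__main__":
    for f in cross_view(LIVE_VIEW, TRUSTED_VIEW):
        print(f"{f.name:<16} hidden={f.hidden} cloak_prefix={f.cloak_prefix}")
```

An entry that is hidden without the prefix (here "newfile.tmp") may simply have been created between the two listings, so it needs review rather than an automatic verdict.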








