Slashdot Mirror


Trojan Using Sony DRM Rootkit Spotted

Analise writes "The Register reports on the first trojan using Sony's DRM rootkit. A newly discovered variant of the Breplibot trojan makes use of the way Sony's rootkit masks files whose filenames begin with '$sys$'. This means that any files renamed this way by the trojan are effectively invisible to the average user. The malware is distributed via an email supposedly from a reputable business magazine requesting that the businessperson verify his/her attached 'picture' to be used for an upcoming issue. Once the payload is executed, the trojan then installs an IRC backdoor on affected Windows systems."

18 of 597 comments

  1. Jobseekers rejoice! by Ooblek · · Score: 5, Funny

    It's just a rumor, but Sony should have some Engineering and Executive positions open in 3....2....1...

    1. Re:Jobseekers rejoice! by Guppy06 · · Score: 4, Funny

      "Remember: Sony didn't write the rootkit. They bought it from someone else."

      Remember: your Friendly Neighborhood Crack Dealer didn't grow the coca. They bought it from someone else.

    2. Re:Jobseekers rejoice! by 3dr · · Score: 5, Funny

      No, you don't wait to get fired.

      If a task is against your principles, ask for a different task. If none exist, ask for a transfer. If impossible, then quit.

      Principles are greater than profits.

      Or you can be spineless and sell out.

  2. Nice Job Sony by xlr8ed · · Score: 5, Funny

    You might want to add a couple more zeros to the settlement check you are thinking about.

    1. Re:Nice Job Sony by Devil's+BSD · · Score: 2, Funny

      from $100,000,000
      to $000,100,000,000.00?

      --
      I'm the Devil the Windows users warned you about.
  3. Oh noes! by taskforce · · Score: 4, Funny

    Early reports indicate the IRC backdoor is used by the propagator of the virus to bombard you with random chat messages from #windowshelp. So far the most common phrases appearing are "how do i reformat" and "how do i download the internet?"

    --
    My 3D Texturing Skinning work (under construction)
  4. That's not all by JumperCable · · Score: 5, Funny

    I hear the trojan writer is also using an unusual distribution method. Ricky Martin CDs.

  5. Re:Rant Time... by freedom_india · · Score: 5, Funny

    With California filing a class-action suit, I think more states and consumers should file suits NOT just for damaging their computers, but for deliberate unauthorized entry into another person's property, which is a crime.

    Seriously, I wish some Sony officials got what WorldCom's Ebbers got: 25 years for entering into another property without permission, vandalism, etc. The less privileged have got far worse sentences for lesser crimes all along.

    And more so, Sony should replace EVERY affected computer with a brand new Vaio.

    --
    "Doing what i can, with what i have." ~ Burt Gummer
  6. Ahhh, Sony by PhilHibbs · · Score: 5, Funny

    It wouldn't be right if the day went by without a Sony Rootkit story on Slashdot. Seriously, I can't get enough of this story, it's what Slashdot was invented for.

  7. Re:Rant Time... by xlr8ed · · Score: 5, Funny

    "Sony should replace EVERY affected computer with a brand new Vaio"

    That would be a crime in itself...
  8. SONY, redefining DRM by Anonymous Coward · · Score: 5, Funny

    Disappearing Rootkit Malware

  9. Re:Rant Time... by mmzplanet · · Score: 4, Funny

    "And more so, Sony should replace EVERY affected computer with a brand new Vaio." Upon the announcement of this, Sony sees record sales of its DRM'd CDs.

  10. Fun with $sys$ by Anonymous Coward · · Score: 5, Funny

    Sony just loves everyone $sys$anally. They are the greatest company ever when it comes to technology $sys$that $sys$sucks. Everyone is gonna love $sys$to $sys$hate Sony, and they will $sys$not buy any Sony product that they see. It's because Sony loves $sys$to $sys$fuck $sys$with their customers.

    1. Re:Fun with $sys$ by merphle · · Score: 3, Funny

      Could it be?! Is "$sys$" the new "^H^H^H"?

  11. Re:A Natural Rights perspective by iambarry · · Score: 5, Funny

    "If I let you into my house yesterday, you have no right to be here today"

    While you may be correct WRT US property laws, it seems to me that vampire rules call for a vampire to have free rein over your house in perpetuity if they are ever invited in. Perhaps Sony is operating using Vampire law rather than US law?

    BTW - irregardless

  12. Re:Back again to Windows Security by jcostantino · · Score: 4, Funny

    The delicious irony in that is that titles like, "Healthy in Paranoid Times," "Get Right With the Man," "Nothing is Sound," "The Invisible Invasion," "Phantoms," "Life in Agony," and "Suspicious Activity" all install the rootkit and compromise your computer.

    --
    Reviews with a twist! http://www.sardonicbastard.com
  13. Re:Surprise surprise by froi · · Score: 5, Funny

    I'm still waiting for a worm that uses the Sony rootkit to hide itself, spreads to many computers, and then DDoSes sony.com. They'd have a hard time knowing what press release to put out if that ever happened.

  14. That list of CDs can't be right by macslut · · Score: 3, Funny

    That list of CDs can't be right. Those albums are all over the P2Ps. That's exactly what the rootkit is supposed to prevent from happening!