"The Register reports on the first trojan using Sony's DRM rootkit. A newly
discovered variant of the Breplibot trojan makes use of the way Sony's
rootkit masks files whose filenames begin with '$sys$'. This means that any
files renamed this way by the trojan are effectively invisible to the
average user. The malware is distributed via an email supposedly from a
reputable business magazine requesting that the businessperson verify
his/her attached 'picture' to be used for an upcoming issue. Once the
payload is executed, the trojan then installs an IRC backdoor on affected
Windows systems."

http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/

Imhotep

Re: Trojan Using Sony DRM Rootkit Spotted by Notan

Notan
Thu Nov 10 17:28:33 CST 2005

Imhotep wrote:
>
> "The Register reports on the first trojan using Sony's DRM rootkit. A newly
> discovered variant of the Breplibot trojan makes use of the way Sony's
> rootkit masks files whose filenames begin with '$sys$'. This means that any
> files renamed this way by the trojan are effectively invisible to the
> average user. The malware is distributed via an email supposedly from a
> reputable business magazine requesting that the businessperson verify
> his/her attached 'picture' to be used for an upcoming issue. Once the
> payload is executed, the trojan then installs an IRC backdoor on affected
> Windows systems."
>
> http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/

It's hard to believe that anyone would fall for a "Your picture's going
to be on the front page of Newsweek" e-mail, but I know those people are
out there.

Thanks for the continued updates!

Notan

Re: Trojan Using Sony DRM Rootkit Spotted by Imhotep

Imhotep
Thu Nov 10 19:50:27 CST 2005

Notan wrote:

> Imhotep wrote:
>>
>> "The Register reports on the first trojan using Sony's DRM rootkit. A
>> newly discovered variant of the Breplibot trojan makes use of the way
>> Sony's rootkit masks files whose filenames begin with '$sys$'. This means
>> that any files renamed this way by the trojan are effectively invisible
>> to the average user. The malware is distributed via an email supposedly
>> from a reputable business magazine requesting that the businessperson
>> verify his/her attached 'picture' to be used for an upcoming issue. Once
>> the payload is executed, the trojan then installs an IRC backdoor on
>> affected Windows systems."
>>
>> http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/
>
> It's hard to believe that anyone would fall for a "Your picture's going
> to be on the front page of Newsweek" e-mail, but I know those people are
> out there.
>
> Thanks for the continued updates!
>
> Notan

...thanks!

Imhotep

Re: Trojan Using Sony DRM Rootkit Spotted by TAJ

TAJ
Sat Nov 12 18:46:51 CST 2005

I wonder if this is connected!

http://www.mercurynews.com/mld/mercurynews/business/13143677.htm



Re: Trojan Using Sony DRM Rootkit Spotted by Jim

Jim
Sat Nov 12 21:26:39 CST 2005

"TAJ Simmons" <awesomebackgrounds@NOMORESPAM.nothing> wrote:

>I wonder if this is connected!
>
>http://www.mercurynews.com/mld/mercurynews/business/13143677.htm
>
Yes.
--
Jim Rusling
More or Less Retired
Mustang, OK
http://www.rusling.org