The media has already written extensively about how Sony BMG applied rootkit technology to hide and protect DRM components used to prevent disks from being copied. One highly unfortunate effect of Sony's decision to use this rootkit was the possibility that malicious programs might implement the same technology. Kaspersky Lab virus analysts can confirm that this has now happened.

Today a backdoor program which utilizes the rootkit technology was detected. Kaspersky Lab classifies the program as Backdoor.Win32.Breplibot.b. The backdoor was mass mailed using spamming technologies, and attached to a message which uses classic social engineering techniques to entice the recipient into launching the attachment. The attachment allegedly contains a photograph. Once the user launches the attached file, the backdoor code will penetrate the victim machine.

News source: kaspersky.com


Breplibot.b is a file 10240 bytes in size, packed using UPX. When launching, the backdoor copies itself to the Windows system directory as $SYS$DRV.EXE. Using this name makes it possible for the Sony rootkit technology to be used to hide the activity of the malicious program. Of course, the backdoor's activity will only be hidden if DRM protection, as used on some Sony Audio CDs, functions on the victim machine.
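A defender-side check for the hiding behaviour described above, added here as an example and not taken from Kaspersky Lab or the original article: it compares a file listing taken on the running system with one taken offline (for example from a mounted disk image) and flags entries the live view omits. The `$sys$` prefix as the cloaking rule, the function names and both sample listings are assumptions constructed for the example.

```python
import ntpath

# Assumption (not stated on the page): the Sony rootkit cloaks any name
# that begins with "$sys$", compared case-insensitively.
CLOAK_PREFIX = "$sys$"
# Indicators taken from the article: file name and size in bytes.
BREPLIBOT_NAME = "$sys$drv.exe"
BREPLIBOT_SIZE = 10240

def normalise(listing):
    """Map lower-cased Windows paths to sizes (Windows names ignore case)."""
    return {ntpath.normpath(p).lower(): size for p, size in listing.items()}

def cross_view(live, offline, system_dir):
    """Return (path, reasons) for offline entries that are hidden or suspicious."""
    live, offline = normalise(live), normalise(offline)
    system_dir = ntpath.normpath(system_dir).lower()
    findings = []
    for path, size in sorted(offline.items()):
        name = ntpath.basename(path)
        reasons = []
        if path not in live:
            reasons.append("hidden-from-live-view")
        if name.startswith(CLOAK_PREFIX):
            reasons.append("cloak-prefix")
        if (name == BREPLIBOT_NAME and size == BREPLIBOT_SIZE
                and ntpath.dirname(path) == system_dir):
            reasons.append("matches-breplibot.b-description")
        if reasons:
            findings.append((path, reasons))
    return findings

# Constructed sample listings (path -> size in bytes), not real captures.
OFFLINE = {
    r"C:\WINDOWS\system32\kernel32.dll": 983552,
    r"C:\WINDOWS\system32\$SYS$DRV.EXE": 10240,
    r"C:\WINDOWS\system32\$sys$constructed.dat": 512,
    r"C:\WINDOWS\system32\notepad.exe": 69120,
}
LIVE = {
    r"C:\Windows\System32\kernel32.dll": 983552,
    r"C:\Windows\System32\notepad.exe": 69120,
}

if __name__ == "__main__":
    for path, reasons in cross_view(LIVE, OFFLINE, r"C:\Windows\System32"):
        print(path, ", ".join(reasons))
```

On a machine where the DRM driver is not running, the file appears in both listings, so only the prefix and description checks fire.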

As usual, Kaspersky Lab warns users to be careful, and not to open email from unknown senders, or open attachments to suspicious messages.



There are 7 additional comments
#1 Posted by Chaoserver on 11 Nov 2005 - 11:17
Sony really made a mistake this time it seems.
#2 Posted by Zerosignull on 11 Nov 2005 - 11:33
What peeves me off most about this is all the game hacks that are going to take advantage of this rootkit. Let's face it, any anti-cheating system that scans your computer for running components that are aim bots, wall hacks etc. is not going to find them. The Warden has been circumvented already, and when are we to expect Punkbuster to be circumvented? And Valve's anti-cheat software? Sony may have just caused a major issue socially for games players.
#3 Posted by Mando on 11 Nov 2005 - 12:16
Does anyone else reckon Sony should be held legally responsible for this? After all, it's thanks to them and their draconian measures that has made this possible?

scumbags
#4 Posted by cub-x on 11 Nov 2005 - 12:20
thanks to those morons at Sony..

(someone should get shot over there and be held responsible for all Windows problems in future caused by this stupid, moronic rootkit)
#5 Posted by cub-x on 11 Nov 2005 - 12:24
and while we're at it.. Sony should be kicked off this planet completely..

(at least I can say that I don't fund their "protection" department by buying their cd's or even hardware)
#6 Posted by mr_demilord on 11 Nov 2005 - 16:13
Next year they are also sold in The Netherlands
#7 Posted by Tech001101 on 11 Nov 2005 - 19:10
damn those malicious coders.