First Trojan using Sony DRM spotted

Martin Brinkmann
Nov 10, 2005
Updated • Apr 29, 2013
Security
|
0

The first trojan using Sony's rootkit software to hide itself has been discovered by anti-virus companies. The register.co.uk:

"Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory."

This new Trojan can only be detected by special software like the freeware product Rootkit Revealer. The trojan seems to be spread by fake emails asking people to verify their picture.

Update: There has been a lot of talk about Sony's Rootkit. What we know is that the company used the technology on about 20 different music CDs that it shipped to retail channels. This reduces the likelihood of misuse considerably, considering that users not only had to play one of those music CDs in their PC, but also get that Trojan on their system somehow.

Here is the email that was used to distribute the trojan.

Hello,

Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly.

Can you check over the format and get back to us with your approval or any changes?

If the picture is not to your liking then please send a preferred one.

We have attached the photo with the article here.

Kind regards,

Jamie Andrews

Editor

www.TotalBusiness.co.uk

**********************************************

The Professional Development Institute

And the attachment: Article+Photos.exe

A malicious IRC backdoor is then installed on the system which cannot be detected by normal security software if the Sony rootkit is running on the system.

The trojan then creates a startup key for itself in the Windows Registry, and connects to several IRC servers to wait for commands from the remote hacker. The malicious attacker can perform operations such as downloading, deleting or running files on infected machines without the user of the system ever knowing about it.

The trojan furthermore terminates processes of known security software to avoid detection and removal.

Advertisement

Related content

Intel

Microsoft publishes new Registry security mitigation for Intel processors (Spectre)

KeePassXC adds support for Passkeys, improves database import from Bitwarden and 1Password
Malwarebytes 5

First look at Malwarebytes 5.0
RustDoor malware targets macOS users by posing as a Visual Studio Update

RustDoor malware targets macOS users by posing as a Visual Studio Update
keys

KeePass 2.56 released: options search and history improvements
70 million account credentials were leaked in a massive password dump

70 million account credentials were leaked in a massive password dump

Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved