Thursday, November 10, 2005

Hackers use Sony DRM software to hide Trojan

Via Reuters.

A computer security firm said on Thursday it had discovered the first virus that uses music publisher Sony BMG's controversial CD copy-protection software to hide on PCs and wreak havoc.

Under a subject line containing the words "Photo approval," a hacker has mass-mailed the so-called Stinx-E trojan virus to British email addresses, said British anti-virus firm Sophos.

When recipients click on an attachment, they install malware, which may tear down the firewall and gives hackers access to a PC. The malware hides by using Sony software that is also hidden -- the software would have been installed on a computer when consumers played Sony's copy-protected music CDs.

However, Mika writes over on the F-Secure "News from the Lab" Blog:

We wouldn't like to say "we told you so" but unfortunately this is one of those times you just have to do it.

We have just analyzed the first malware (Breplibot.b) that is trying to hide on machines that have Sony DRM software installed.

Luckily, the bot has a design flaw. If the Sony DRM rootkit is active (hiding) in the system during infection, the bot will not run at all. Moreover, the bot cannot survive a reboot because of a programming error. In any case, this is a very good example of why software should not use rootkit hiding techniques.
