Trojan Horse Hides Using Sony Rootkit

By Nate Mook, BetaNews

November 10, 2005, 11:36 AM

What security experts have warned about Sony's DRM has come to pass, with a new trojan horse attempting to hide itself using techniques enabled by the company's anti-piracy software. Dubbed "Troj/Stinx-E" by Sophos, the application copies itself to a file called $sys$drv.exe, which is hidden by Sony's copy protection.

F-Secure has named the malware "Breplibot.b," but says a code mistake will limit its damage. "Luckily, the bot has a design flaw. If the Sony DRM rootkit is active (hiding) in the system during infection, the bot will not run at all. Moreover, the bot cannot survive a reboot because of a programming error," explained F-Secure's Mika Pehkonen in a blog posting.

19 Comments

By Kramy

posted Nov 10, 2005 - 7:38 PM

Wait, so...to not get hit with this trojan I need to not remove Sony's rootkit?

Hmm... :/

Score: 0

By shy_one

posted Nov 10, 2005 - 5:18 PM

Probably just a script kiddy with sloppy code; the real virus/trojan writers are probably looking at Sony's code and coming up with ways to turn it into a real virus/trojan.

I wonder how long before websites become infected and inject Sony's rootkit into people's systems. There's more than enough idiots out there not running up-to-date antivirus/firewall software out there; I say about a week, if that.

Score: 0

By JacenSolo

posted Nov 10, 2005 - 3:58 PM

I knew it was only a matter of time.. -_-

Score: 0

By simko

posted Nov 10, 2005 - 2:56 PM

OK, I don't support what Sony has done.
But hoping that more hackers will abuse Sony's DRM and making other people pay for Sony's mistake seems very bad.

The hackers don't do it to get Sony mad; they are doing it to destroy for the consumer.

An eye for an eye isn't suited for modern thinking.

Score: 0

By Jedite

posted Nov 10, 2005 - 4:38 PM

Actually, given that the flaw is not so widespread, I wouldn't be surprised if the person who developed this Trojan actually did it to get the media's attention on Sony. I mean if you think about it, it does make some sense.

Score: 0

By 4wd

posted Nov 10, 2005 - 7:08 PM

One only hopes that the retards at Sony have their own copy-protection installed and some enterprising virus writer can make one to target specific IPs.

Did I say that......naughty ;)

Score: 0

By bourgeoisdude

posted Nov 10, 2005 - 2:02 PM

DoS on sony.com would be fitting...

Score: 0

By PC_Tool

posted Nov 10, 2005 - 2:59 PM

Sshh...

Be careful what you wish for. Especially on a public forum with knowledgeable(?) programmers.

Wouldn't want to be considered as promoting felonious behaviour, ya know.

Score: 0

By bourgeoisdude

posted Nov 10, 2005 - 5:04 PM

Yeah you're right. I should be more careful, and in reality doing that would do more harm than good. Just a thought in the back of my head...like somebody else said, making a trojan to hurt others for Sony's mistake is a bad thing, and DoS sucks bandwidth from the zombie machines too (duh)

Score: 0

By wincement

posted Nov 10, 2005 - 2:33 PM

Oh what poetic justice!

Score: 0

By Cerviperus

posted Nov 10, 2005 - 2:29 PM

HaHaHa... this would be quite amusing!

Score: 0

By Jedite

posted Nov 10, 2005 - 1:48 PM

I hope they keep writing trojans and viruses for this flaw.

Sony has to pay for their ineptitude, and their freaking CEO's arrogance.

Score: 0

By elopez17

posted Nov 10, 2005 - 1:37 PM

To people that want to record Sony music with DRM

AnyDVD tackles Sony DRM Rootkit Virus
-------------------------------------

Since March 2005, Sony BMG is using a rootkit-based DRM system
on some newer audio CDs. This DRM system is a serious hazard
to each Windows based PC. Well known websites like F-Secure.com
and SysInternals.com (URLs below) are confirming this exposure.

If AnyDVD is installed and active on a PC, this new so-called
"Sony DRM Rootkit Virus" has no access to the operating system
and the affected audio CD appears unprotected regardless!

"What the heck Sony thought to themselves," SlySoft's CEO
Giancarlo Bettini was kidding, "maybe they wanna build their
own bot net?".

This "anti rootkit protection" is not a new function of AnyDVD,
rather it is the nature of AnyDVD to filter all undesired stuff
between a CD/DVD drive and the operating system. It is just one
example, how well AnyDVD's option to "Remove CD Digital Audio
Protection" is working.

AnyDVD v5.5.1.1
New: Added functionality to remove invalid VOBUs from a title set to the option to remove "Protection based on unreadable Sectors". This fixes the error message "Out of memory" from DVDShrink with some DVDs, which suffer from a certain mastering error.
Fix: The option to remove "Protection based on unreadable Sectors" could cause DVDShrink to abort with an "invalid Navigation structure" error with some DVDs, which suffer from a certain mastering error.
Fix: Setup program did not delete obsolete RegCheck.exe file from previous installations
Fix: Undesired high CPU use for several minutes when checking for program update via internet connection

http://www.bitburners.co..._Sony_DRM_Rootkit_Virus/

Score: 0

By beta_animal

posted Nov 10, 2005 - 12:44 PM

This really makes you wonder what the virus author's intentions are. Let's face it, there have been "20 or so" CDs that have this form of copy protection that may have sold a few hundred thousand copies. In order to get this virus, you'd need to receive an infected email, and a few hundred thousand copies of the Sony DRM software versus the infinite possibilities of email addresses makes you wonder just how many people will actually be infected.

Don't get me wrong, virus writing and distribution is inexcusable in all forms, but it's like somebody's trying to prove something. Trying to open the doors to litigation against Sony.

I doubt it'll ever be a "successful" virus from the point of view of havoc, destruction and data loss - infection rates would be far too low, but the sheer fact that Sony will be held responsible for a virus AS WELL AS dodgy DRM software... it might be "successful" in a completely different way!

Score: 0

By PC_Tool

posted Nov 10, 2005 - 12:58 PM

We can only hope.

Score: 0

By PC_Tool

posted Nov 10, 2005 - 12:37 PM

Most AV proggies should already have this pegged. If not, update or switch programs.

Score: 0

By tmaioli

posted Nov 10, 2005 - 12:19 PM

One word.....GOOD!

Score: 0

By drumcat

posted Nov 10, 2005 - 12:06 PM

Wow, beautiful. Nice going Sony.

The worst part is that Sony will soon start complaining that their drop in CD sales is due to P2P pirating...

Score: 0

By jshurst

posted Nov 10, 2005 - 11:55 AM

Well, at least there's a little good news in this article.

Score: 0