Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    AV Firms Say New Trojan Uses Sony DRM Rootkit

    By
    Paul F. Roberts
    -
    November 10, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Anti-virus firms are warning computer users about a new malicious program that attempts to hide on victims computers by taking advantage of maligned DRM (digital rights management) technology from Sony BMG.

      Symantec Corp., Sophos PLC and Bit Defender, part of Romanian company SOFTWIN, all issued alerts about Trojan horse programs that can become completely invisible on Windows systems with the Sony DRM technology installed.

      The program, which goes by the name “Backdoor.IRC.Snyd.A” and “Backdoor.Ryknos,” was discovered on Wednesday and is considered a low threat.

      However, the appearance of malicious software that takes advantage of a cloaking feature in technology developed by Sony by UK firm First 4 Internet Ltd. makes good on the dire predictions of security researchers, who speculated that hackers could use the “rootkit” style DRM technology to hide their own malicious programs.

      /zimages/1/28571.gifSonys second rootkit DRM patch doesnt hush critics. Click here to read more.

      Sony did not respond to requests for comment in time for this article.

      Sonys rights management technology—called “sterile burning”—were shipped on CDs by around 20 Sony BMG artists along with a custom media player that must be used to play and make a limited number of copies of the CD on a Windows PC.

      Using code written by First 4 Internet, the DRM technology manipulates the Windows core processing center, or “kernel,” to make it almost totally undetectable on Windows systems and nearly impossible to remove without fouling Windows, much like malicious programs known as “rootkits.”

      Sonys efforts to hide the anti-piracy programs erupted into a controversy last week, after Windows expert Mark Russinovich discovered the cloaked software on his own computer and published a detailed analysis of it on his blog at Sysinternals.com.

      Russinovichs analysis of First 4 Internets code showed that the rootkit programs hid any file with a name that began with the characters $sys$, rather than looking for and hiding the specific files used by the media player for copyright enforcement.

      At the time, he speculated that others who gained access to Windows systems with the sterile burning technology on it could also hide their programs simply by assigning them names that began with $sys$.

      The new Trojan program does just that, copying itself from an e-mail attachment to a file called $sys$drv.exe, according to the BitDefender Web site.

      The Trojan program has remote control “bot” features that allow the infected system to be controlled by a remote attacker using IRC (Internet Relay Chat) communications, Symantec Corp. said in a statement.

      Sophos researchers have received a number of copies of the program attached to e-mails from what is believed to be a spam campaign, said Graham Cluley, a senior technology consultant at Sophos.

      /zimages/1/28571.gifClick here to read more about rootkit sprouting on networks.

      The e-mail messages were mainly sent to business e-mail addresses and claimed to be from Total Business Monthly, a UK business periodical.

      “It didnt require Einstein to do this,” Cluley said. “Theyre just exploiting the vulnerability that Sony introduced with its copy protection.”

      Faced with mounting criticism of its DRM technology, Sony BMG quickly released a software patch to disable it. The company also posted instructions for obtaining a program that could re-move the DRM technology altogether.

      However, it is unclear how many copies of the sterile burning technology have been installed, and users who have installed it would have a hard time finding it on Windows without advanced knowledge of the operating systems and diagnostic tools, Russinovich and others have noted.

      Consumers in California filed a class action lawsuit on Nov. 1 to stop Sony from distributing the CDs, and seeking monetary damages for consumers who already purchased CDs with the sterile burning technology on it, according to a published report.

      Security companies are taking different approaches in dealing with the DRM feature. Symantec has labeled the First 4 Internet DRM features a “security risk” and points customers to a software update on Sony BMGs Web site to remove the stealth features.

      Earlier in the week, Computer Associates International Inc. said that their security programs would label the First 4 Internet programs a “rootkit.” Sophos will release an update Thursday that will detect the First 4 Internet program and allow users to disable it and the Sony media player, Cluley said.

      “I think people would rather lose out on listening to Celine Dion on their PC than have the security vulnerability,” Cluley said.

      /zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Avatar
      Paul F. Roberts

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×