[IP] more on Sony Rootkit Morphs into MalWare (litigation to follow)
_______________ Forward Header _______________
Subject: Sony Rootkit Morphs into MalWare (litigation to follow)
Author: Barry Ritholtz <britholtz@xxxxxxxxxxxx>
Date: 10th November 2005 2:37:20 pm
Hey Dave,
At least no one can say Sony wasn't warned: The widely DRM Rootkit has now been
exploited by malicious virus writers:
Here's what The Register had to say:
Virus writers have begun taking advantage of Sony-BMG's use of rootkit
technology in DRM software bundled with its music CDs.
Sony-BMG's rootkit DRM technology masks files whose filenames start with
"$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage
of this to drop the file "$sys$drv.exe" in the Windows system directory.
"This means, that for systems infected by the Sony DRM rootkit technology,
the dropped file is entirely invisible to the user. It will not be found in any
process and file listing. Only rootkit scanners, such as the free utility
RootkitRevealer, can unmask the culprit," warns Ivan Macalintal, a senior
threat analyst at security firm Trend Micro.
The malware arrives attached in an email, which pretends to come from a
reputable business magazine, asking the businessman to verify his/her "picture"
to be used for the December issue. If the malicious payload contained in this
email is executed then the Trojan installs an IRC backdoor on affected Windows
systems.
Romanian anti-virus firm BitDefender confirms that the malware is in the
wild but a full technical analysis of the Trojan is yet to be completed. The
response of anti-virus firms, some of which have only promised to flag up
rather than block system changes made by Sony-BMG's rootkit, remains unclear.
First Trojan using Sony DRM spotted
http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/
Let the class action Litigation begin!
Barry L. Ritholtz
Chief Market Strategist
Maxim Group
405 Lexington Avenue,
New York, NY 10174
(212) 895-3614
(800) 724-0761
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Big Picture: Macro perspectives on the Capital Markets, Economy, and
Geopolitics
http://bigpicture.typepad.com/comments
-------------------------------------
Archives at: http://www.interesting-people.org/archives/interesting-people/