Archive for November, 2005

Sony was aware of rootkit problem long ago, F-Secure says

Wednesday, November 30th, 2005

F-Secure, the Finnish antivirus firm, has said that it informed Sony about the Rootkit that Sony had shipped on millions of music CDs by well-known artists. It turns out that in September a PC technician in America was trying to rid a PC of a nasty rootkit. John Guarino, who owns tecangels.com, discovered it on some PCs he was repairing. He noticed that the Rootkit appeared when he put a Sony CD by one of the now known artists into a PC. Guarino then sent an email to F-Secure explaining what he had found. This was sent on Sept 30th 2005. F-Secure investigated his findings and notified Sony about the dangers. It wasn’t until Oct 20th that F-Secure and First4Internet got together and F-Secure explained that hackers could use their Rootkit to hide files. First4Internet disagreed, saying that nobody knew about it, so how could it be used.

It was around Oct 25th when Mark Russinovich discovered it using RootkitRevealer. He then informed the internet via his very popular blog. Sony was slow to act at every stage throughout these events, and surely this will have lasting effects. They can’t say they weren’t warned.

Keep Safe

regards
Steo
www.antirootkit.com

The Next Microsoft Windows Internet Epidemic Exposed

Tuesday, November 29th, 2005

SpyCop today released a press release entitled “The Next Microsoft Windows Internet Epidemic Exposed” stating that Rootkits will be the next epidemic on the Internet. They go on to say that Rootkits have been around for a long time and are only now being used more and more to hide suspicious activity from unsuspecting users. They point to the fact that rootkits are available to script kiddies to hide the presence of a zombie PC, or to hide the malicious program that is throwing up ads and generating plenty of income for the hacker. In the light of the Sony BMG debacle they say that a lot more conventional software authors are also using rootkits to hide certain functionality of the programs they are writing. This is a worrying trend, as can be seen from the Stinx-E trojan found recently, which uses the Sony Rootkit to hide itself from detection. If more authors use rootkit technology in their software they are putting us all in danger from the rootkit writers.

“The Next Microsoft Windows Internet Epidemic Exposed”

Keep Safe

regards
Steo
www.antirootkit.com

New backdoor program uses Sony rootkit

Tuesday, November 29th, 2005

A new Trojan called Stinx-E has been detected which uses the Sony rootkit to hide itself from detection. Sophos detected the virus early in November after it was spammed to millions of email addresses around the world. The subject of the email was “Photo Approval Deadline” and the reader was asked if they would like their picture printed in the next installment of a business magazine. The reader was invited to look at the photo attachment, which is in fact a Trojan. If installed, the trojan will provide a backdoor for hackers to get into your PC and no doubt other nasty things will happen to your PC. The trojan can hide itself by using Sony’s Rootkit because Sony designed their Rootkit to hide any file that has $sys$ in its name. The trojan can remain hidden from detection by using $sys$ in the filenames of the files it uses. This means that no antivirus program can remove it because it simply can’t see it.

Keep Safe

regards
Steo
www.antirootkit.com
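The `$sys$` cloaking described in the Stinx-E post above is why a scanner running on the live system misses the file, and why comparing the live listing against a trusted one exposes it. The sketch below is an added example, not code from the original post or from any vendor: the cloak is simulated in Python, and every file name and the `KNOWN_BAD` entry are constructed for illustration; only the `$sys$` marker comes from the post.

```python
# Added example: cross-view check for name-based file cloaking.
# All file names below are constructed; only the "$sys$" marker comes from the post.

CLOAK_MARKER = "$sys$"

def live_view(raw_names, marker=CLOAK_MARKER):
    """Simulate a listing taken through the cloak: names containing the marker vanish."""
    return [n for n in raw_names if marker not in n]

def signature_scan(visible_names, known_bad):
    """A scanner can only match files it is able to enumerate."""
    return sorted(n for n in visible_names if n in known_bad)

def cross_view_diff(trusted_names, live_names):
    """Names present in the trusted (offline) view but absent from the live view."""
    live = set(live_names)
    return sorted(n for n in set(trusted_names) if n not in live)

def triage(hidden_names, marker=CLOAK_MARKER):
    """Separate entries explained by the known marker from other hidden entries."""
    return {
        "marker_cloaked": [n for n in hidden_names if marker in n],
        "unexplained": [n for n in hidden_names if marker not in n],
    }

# Constructed trusted listing, e.g. taken with the disk mounted on a clean system.
TRUSTED = ["notepad.exe", "$sys$drm.dat", "report.doc", "$sys$backdoor.exe", "photo.jpg"]
KNOWN_BAD = {"$sys$backdoor.exe"}  # hypothetical signature entry

if __name__ == "__main__":
    live = live_view(TRUSTED)
    print("scan of live view:   ", signature_scan(live, KNOWN_BAD))
    print("scan of trusted view:", signature_scan(TRUSTED, KNOWN_BAD))
    print("hidden entries:      ", triage(cross_view_diff(TRUSTED, live)))
```

Any entry that lands in `unexplained` is hidden by something other than the known marker and deserves separate investigation.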

Sony’s ‘Rootkit’ Is on 500,000 Systems, Expert Says

Tuesday, November 15th, 2005

An independent security researcher, Dan Kaminsky, has said that the Sony BMG Rootkit is on over half a million systems throughout the world. The well-known researcher was commenting on the alarming number of people who have installed the Sony BMG Rootkit without knowing. The Rootkit was shipped with many CDs that Sony released recently. The Rootkit was used to hide files that were being used by the Digital Rights Management software that was installed when the CD was played on a PC. The Rootkit that gets installed “phones home” by contacting a Sony server and looking for updates and other information. In order for the Rootkit to do this it must get the IP address of the server. To get this IP address it must ask a DNS server for the IP address. It was these requests to the DNS servers around the world that Dan based his findings on, and they are pretty rock solid.

Details of Dan Kaminsky’s findings can be found on his homepage, doxpara.com.

Keep Safe

regards
Steo
www.antirootkit.com

Sony Suspends Rootkit CDs

Monday, November 14th, 2005

Sony BMG has said that it has temporarily suspended manufacture of music CDs that contain the controversial XCP copy-protection technology. The news came as virus writers were targeting the Sony BMG Rootkit and using it to hide their viruses from detection. Sony BMG has also declared that they will come up with new ways of using copy protection on their CDs. Sony had been putting Rootkits on CDs from artists like Neil Diamond, Celine Dion and Ricky Martin, to name a few. The Rootkit was installed to hide its own copy protection mechanism. When news broke of Sony’s underhand methods, virus writers used the opportunity to write viruses which used the Rootkit’s stealth capabilities.

Calls have been made for Sony to recall the CDs that have been shipped and for users who have bought infected CDs to return them for a refund. No doubt there will be plenty of lawsuits on the way.

Keep Safe

regards
Steo
www.antirootkit.com

Microsoft to delete Sony DRM ‘rootkit’

Sunday, November 13th, 2005

A big step has been taken by Microsoft to rid users of Windows of the Sony BMG Rootkit that was installed by thousands of users worldwide without their knowledge. This comes as more bad press for Sony, who have been stung by the backlash from the publicity of their extremely bad customer relations. Microsoft has said that it will update Windows AntiSpyware and the Malicious Software Removal Tool, as well as the online scanner on Windows Live Safety Center, to detect and remove the Sony BMG Rootkit.

This news comes in the light of the latest Virus to use the Sony installed Rootkit to hide itself from conventional virus scanners. The virus called Stinx-E was mass mailed to British email addresses recently.

Keep Safe

regards
Steo
www.antirootkit.com