Sony DRM Rootkit

Discussion in 'Computer Security' started by nemo_outis, Nov 1, 2005.

  1. nemo_outis

    traveler Guest

    traveler, Nov 6, 2005

  2. As it did when I tested it with a Sony DVD.
    Ari Silversteinn, Nov 6, 2005

  3. nemo_outis

    Max Burke Guest

    Totally different situation, and the MSRT is incapable of finding let alone
    removing rootkits.....
    The reason for that is because Microsoft did NOT design/program the MSRT to
    find/deal with rootkits.
    Max Burke, Nov 7, 2005
  4. nemo_outis

    Jim Watt Guest

    No, it's not. The basis of a trojan is to insert enemy forces
    and in computer terms provide remote access.

    It's yet another threat, like diallers, spyware and the other
    Jim Watt, Nov 7, 2005
  5. LOL. Is that you, BigBrother ?

    Must be why they're so anxious to confiscate all the handguns and
    ammunition in San Francisco. The "vote" (cough hanging-chad cough)
    is tuesday.
    holierthanthou, Nov 7, 2005
  6. Erm.. I believe that you snipped a little too much.

    I'd also suggest that you take up the definition of "rootkit" with
    Microsoft - I stopped when I hit the first one listed as being handled by
    MSRT. In the KB article.

    "Not" is a very strong word to use, particularly since MS /did/ specifically
    design the MSRT to deal with malicious software. There's even a clue in the
    name ;o)

    As I said in the snipped portion, I personally prefer full-time AV vendor
    support - not just someone that MS happened to have borged.

    Hairy One Kenobi, Nov 7, 2005
  7. nemo_outis

    AZ Nomad Guest

    NO. A trojan is a friendly looking object with a hidden malicious component.
    It is shorthand for 'trojan horse'. Think about your history if you can.
    Remote access is irrelevant. The Greeks during the Trojan War, last time I
    checked, didn't have internet access.

    If I put a statement "If user == Jim Watt and date = 11/8/2005 then
    erase the hard drive" into a word processor and you get a copy and proceed to
    blow away your hard drive thinking you were just doing some word processing,
    it is a trojan. Remote access had nothing to do with it.

    and rootkits installed by audio CDs.
    AZ Nomad, Nov 7, 2005
  8. nemo_outis

    Jim Watt Guest

    Whereas thanking you for your advice, having had a classical education
    as a child and read the story in its original form, your ill-informed
    comments are inappropriate.
    No you are simply demonstrating that when clues were handed out you
    were at the back of the line, walking on all fours and drooling.
    Tell that to the Greeks.
    Jim Watt, Nov 7, 2005
  9. I'd say that you're both right - the original definition of a Trojan was the
    sort of thing described (if I'd ever have written one, it would have been
    something written at college to look like a fake login screen for the
    mainframe, used to collect a password couplet, to store it in another
    compromised account, and then logout in a way that was untraceable to anyone
    below middle-admin level. Lucky I never did it, then..)


    The more modern (and, strictly speaking, inaccurate) term is to describe the
    payload, rather than the method used to deliver it.

    Personally, the "login to our website" crap that one gets on TV adverts is a
    damned sight (site?) more offensive to me, lexagrammatically. Ditto hacker
    vs. cracker.

    Wonder if there's an alt.pointless.semantics froup? ;o)

    Hairy One Kenobi, Nov 8, 2005
  10. nemo_outis

    Jim Watt Guest

    The original story was about the introduction of a payload by
    stealthy means. The elements involved in the process are
    deception, acceptance, the hidden delivery of something
    unexpected which then compromises security.

    A few soldiers walking around the city are themselves not a
    problem until they open the gates.

    Then the analogy is complete.
    Jim Watt, Nov 8, 2005
  11. nemo_outis

    Steve Welsh Guest

    Go on, set one up - could be fun ;)
    Steve Welsh, Nov 8, 2005
  12. nemo_outis

    AZ Nomad Guest

    The key is that the soldiers wouldn't be in the city unless they were
    brought in when the trojan horse was taken into the city.
    Funny. That part of the story is never told. We don't hear about what the
    soldiers had for lunch either.
    AZ Nomad, Nov 8, 2005
  13. nemo_outis

    Jim Watt Guest

    You must be thinking of the Disney version.
    Jim Watt, Nov 8, 2005
  14. Always a problem if you use rabbits instead of horses...

    Hairy One Kenobi, Nov 8, 2005
  15. Isn't what you explained only one kind of root-kit? user-mode?

    Aren't there others (system-mode) that hook directly into the system APIs?
    I read somewhere that removing one can render your machine unusable. I
    think they said something about other processes hooking into a method in
    your process that no longer exists. But I haven't figured that out yet.

    Isn't Mark R. able to disinfect a machine? Do you know how he's doing
    this (complete restore or VM)?
    fluidly unsure, Nov 10, 2005
  16. nemo_outis

    thunderbird Guest

    "The Register reports on the first trojan using Sony's DRM rootkit. A
    discovered variant of the Breplibot trojan makes use of the way Sony's
    rootkit masks files whose filenames begin with '$sys$'. This means that
    files renamed this way by the trojan are effectively invisible to the
    average user. The malware is distributed via an email supposedly from a
    reputable business magazine requesting that the businessperson verify
    his/her attached 'picture' to be used for an upcoming issue. Once the
    payload is executed, the trojan then installs an IRC backdoor on
    Windows systems."
    thunderbird, Nov 11, 2005
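
Files cloaked in the way the quoted report describes do not appear in a listing taken through the running OS, so one way to find them is a cross-view comparison against a listing of the same volume taken offline. The following is an added example, not part of the original thread; the function names and the sample paths are constructed for illustration.

```python
import ntpath

CLOAK_PREFIX = "$sys$"  # filename prefix named in the quoted report


def _norm(path):
    # Windows paths are case-insensitive: normalise separators and case.
    return ntpath.normpath(path).casefold()


def cross_view_diff(live_listing, offline_listing):
    """Paths present in the offline view but absent from the live view."""
    live = {_norm(p) for p in live_listing}
    hidden, seen = [], set()
    for p in offline_listing:
        key = _norm(p)
        if key not in live and key not in seen:
            seen.add(key)
            hidden.append(p)
    return hidden


def triage(hidden_paths):
    """Split hidden paths into prefix matches and everything else."""
    cloaked, other = [], []
    for p in hidden_paths:
        # Match case-insensitively so a renamed variant is not missed.
        name = ntpath.basename(ntpath.normpath(p)).casefold()
        (cloaked if name.startswith(CLOAK_PREFIX) else other).append(p)
    return cloaked, other


# Constructed sample listings (not taken from a real system).
LIVE = [
    r"C:\WINDOWS\system32\drivers\tcpip.sys",
    r"C:\Users\a\Desktop\picture.jpg",
]
OFFLINE = [
    r"C:\Windows\System32\drivers\tcpip.sys",   # same file, different case
    r"C:\Users\a\Desktop\picture.jpg",
    r"C:\Windows\System32\$SYS$example.exe",    # cloaked: matches the prefix
    r"C:\Temp\scratch.tmp",                     # differs for another reason
]

if __name__ == "__main__":
    cloaked, other = triage(cross_view_diff(LIVE, OFFLINE))
    print("cloaked:", cloaked)
    print("needs review:", other)
```

Entries in the second group are not necessarily malicious; a file created or deleted between the two snapshots produces the same difference.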