Archive for the 'Rootkit' Category

Microsoft steps up to the plate, kind of

Sunday, November 13th, 2005

CNET: Microsoft will wipe Sony’s ‘rootkit’. Microsoft’s newly renamed Windows Defender, the software formerly known as the Windows Anti-Spyware Tool, has been updated to detect and remove the cloaking mechanism employed by Sony BMG’s XCP copy protection.
Unfortunately, it looks like Microsoft will leave the actual DRM mechanism intact.

Too little, too late?

Saturday, November 12th, 2005

Judging from the fury of some of the comments that came in last night at the hint of a suggestion that we might want to lift the boycott, now that Sony BMG has temporarily halted production of its rootkitted CDs, Sony’s move definitely comes too late to reverse the negative energy that has attached itself […]

Symantec: XCP removal tool

Friday, November 11th, 2005

Sony BMG’s decision to pull their DRM from the market—temporarily—doesn’t help those folks who already loaded the rootkit on their PCs. If you’re already infected by the Sony BMG/First4Internet rootkit, try this removal tool from Symantec.

More exploits of the Sony rootkit; news from AV vendors

Friday, November 11th, 2005

reports on additional variants of the exploit observed yesterday, called Backdoor.IRC.Synd.a and Backdoor.IRC.Synd.B, reported by the antivirus company BitDefender. I’m not sure if one of these is the same as Backdoor.win32.Breplibot.b; different vendors give the same virus different names.
ZoneAlarm is now the second anti-virus company, after CA, to claim that they can identify and […]

More lawsuits

Friday, November 11th, 2005

The latest BBC article on the rootkit brouhaha indicates that there are, at last count, six class action lawsuits pending. They also quote me, for what it’s worth.

Rootkit trojan plants a backdoor

Thursday, November 10th, 2005

Following up on this morning’s story is this Reuters article, which confirms the report from Viruslist and adds the information that the trojan being spread is the Stinx-E, which opens your machine to being controlled remotely. Proving that Sony’s DRM can cause actionable damage just got a lot easier.

Backdoor.win32.Breplibot.b: First exploit of the Sony rootkit

Thursday, November 10th, 2005

It’s started: has information from Trend Micro about the first exploit of the vulnerabilities exposed by the Sony rootkit (the link goes to a monthly archive page, there’s no permalink on’s site). The exploit is a spam mail containing an executable that copies itself to the host OS as $SYS$DRV.EXE and creates a […]

Sony: ‘What you don’t know won’t hurt you’

Tuesday, November 8th, 2005

Sony President of Global Digital Business Thomas Hesse dropped the most outrageous statement to date on their DRM nightmare during an NPR interview, in which he stated that “Most people, I think, don’t even know what a rootkit is, so why should they care about it?” Reaction on Digg, Gizmodo, Engadget, and Techdirt. Some day […]

Italy, Computer Associates: if it looks like spyware, it’s spyware

Tuesday, November 8th, 2005

If possible, this Sony rootkit case is generating even more interest abroad than it is here. I got a passel of Swedish readers from yesterday’s link on the Swedish IDG site, and last night/this morning Damian from the UK and Giorgio from Italy pointed separately to information about a criminal investigation against Sony in Italy.
The […]

All your rootkit are belong to us?

Monday, November 7th, 2005

And now for something lighter: seen at Damo’s Workspace, All Your Rootkit Are Belong to Us.
You know what you doing. Take off every “UPDATE31105.ZIP!” For great justice.