Backdoor.win32.Breplibot.b: First exploit of the Sony rootkit

It’s started: has information from Trend Micro about the first exploit of the vulnerabilities exposed by the Sony rootkit (the link goes to a monthly archive page, there’s no permalink on’s site). The exploit is a spam mail containing an executable that copies itself to the host OS as $SYS$DRV.EXE and creates a registry key. No word yet on whether any other activity occurs after installation. Thanks to Michael for posting the link in the comments.

So the elapsed time from announcement of the vulnerability to the first occurrence of an exploit in the wild was about ten days.

2 Responses to “Backdoor.win32.Breplibot.b: First exploit of the Sony rootkit”

  1. The Sony Boycott Blog » Blog Archive » Rootkit trojan plants a backdoor Says:

    […] Following up on this morning’s story is this Reuters article, which confirms the report from Viruslist and adds the information that the trojan being spread is the Stinx-E, which opens your machine to being controlled remotely. Proving that Sony’s DRM can cause actionable damage just got a lot easier. […]

  2. » Sony’s Living Hell: Day 9 Update Says:

    […] It was only last Thursday when security firms showed the world that “hackers were distributing malicious programs over the Internet that exploited … (Sony’s) antipiracy technology’s ability to avoid detection.” In other words, their antipiracy technology was, unbeknownst to users, leaving their computers vulnerable. […]
