Backdoor.win32.Breplibot.b: First exploit of the Sony rootkit
It’s started: Viruslist.com has information from Trend Micro about the first exploit of the vulnerabilities exposed by the Sony rootkit (the link goes to a monthly archive page; there’s no permalink on Viruslist.com’s site). The exploit is a spam mail containing an executable that copies itself to the host OS as $SYS$DRV.EXE and creates a registry key. No word yet on whether any other activity occurs after installation. Thanks to Michael for posting the link in the comments.
So, elapsed time from announcement of the vulnerability to first occurrence of an exploit in the wild: about ten days.
November 10th, 2005 at 4:01 pm
[…] Following up on this morning’s story is this Reuters article, which confirms the report from Viruslist and adds the information that the trojan being spread is the Stinx-E, which opens your machine to being controlled remotely. Proving that Sony’s DRM can cause actionable damage just got a lot easier. […]
November 18th, 2005 at 6:10 pm
[…] It was only last Thursday when security firms showed the world that “hackers were distributing malicious programs over the Internet that exploited … (Sony’s) antipiracy technology’s ability to avoid detection.” In other words, their antipiracy technology was, unbeknownst to users, leaving their computers vulnerable. […]