« EFF posts list of XCP CDs, plus tips and workarounds
Life without the majors »

Backdoor.win32.Breplibot.b: First exploit of the Sony rootkit

It’s started: Viruslist.com has information from Trend Micro about the first exploit of the vulnerabilities exposed by the Sony rootkit (the link goes to a monthly archive page, there’s no permalink on Viruslist.com’s site). The exploit is a spam mail containing an executable that copies itself to the host OS as $SYS$DRV.EXE and creates a registry key. No word yet on whether any other activity occurs after installation. Thanks to Michael for posting the link in the comments.

So: elapsed time from announcement of the vulnerability to first occurrence of an exploit in the wild: about ten days.

This entry was posted on Thursday, November 10th, 2005 at 7:50 am and is filed under Sony, Rootkit, Exploits. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Backdoor.win32.Breplibot.b: First exploit of the Sony rootkit”

  1. The Sony Boycott Blog » Blog Archive » Rootkit trojan plants a backdoor Says:
    November 10th, 2005 at 4:01 pm

    […] Following up on this morning’s story is this Reuters article, which confirms the report from Viruslist and adds the information that the trojan being spread is the Stinx-E, which opens your machine to being controlled remotely. Proving that Sony’s DRM can cause actionable damage just got a lot easier. […]

  2. BizzyBlog.com » Sony’s Living Hell: Day 9 Update Says:
    November 18th, 2005 at 6:10 pm

    […] It was only last Thursday when security firms showed the world that “hackers were distributing malicious programs over the Internet that exploited … (Sony’s) antipiracy technology’s ability to avoid detection.” In other words, their antipiracy technology was, unbeknownst to users, leaving their computers vulnerable. […]

Leave a Reply

You must be logged in to post a comment.