Virus News. Thursday, November 10, 2005

muckshifter

New backdoor program uses Sony rootkit

Kaspersky Lab, a leading developer of secure content management
solutions that protect against viruses, Trojans, worms, spyware, hacker
attacks and spam, announces that a new backdoor program has been
detected. This is the first malicious program to use Sony rootkit
technology to hide its presence in the system.

The media has already written extensively about how Sony BMG applied
rootkit technology to hide and protect DRM components used to prevent
disks from being copied. One highly unfortunate effect of Sony's
decision to use this rootkit was the possibility that malicious programs
might implement the same technology. Kaspersky Lab virus analysts can
confirm that this has now happened.

Today a backdoor program which utilizes the rootkit technology was
detected. Kaspersky Lab classifies the program as
Backdoor.Win32.Breplibot.b. The backdoor was mass mailed using spamming
technologies, and attached to a message which uses classic social
engineering techniques to entice the recipient into launching the
attachment. The attachment allegedly contains a photograph. Once the
user launches the attached file, the backdoor code will penetrate the
victim machine.

Breplibot.b is a file 10240 bytes in size, packed using UPX. When
launching, the backdoor copies itself to the Windows system directory as
$SYS$DRV.EXE. Using this name makes it possible for the Sony rootkit
technology to be used to hide the activity of the malicious program. Of
course, the backdoor's activity will only be hidden if DRM protection,
as used on some Sony Audio CDs, functions on the victim machine.

As usual, Kaspersky Lab warns users to be careful, and not to open email
from unknown senders, or open attachments to suspicious messages.

Kaspersky Anti-Virus databases have been updated to detect
Backdoor.Win32.Breplibot.b. Further information about the backdoor is
available in Analyst's Diary (http://www.viruslist.com/en/weblog), the
Kaspersky Virus Lab weblog.

About Kaspersky Lab

Kaspersky Lab (http://www.kaspersky.com) develops,
produces and distributes secure content management solutions that
protect customers from IT threats. Kaspersky Lab's products protect both
home users and corporate networks from viruses, spyware, adware,
Trojans, worms, hackers and spam. For many years now, the company has
waged a battle against malicious programs, and in doing so has gained
unique knowledge and skills that have resulted in Kaspersky Lab becoming
a technology leader and acknowledged expert in the development of secure
content management solutions. Today, Kaspersky Lab's products protect
more than 200 million users worldwide and its technology is licensed by
leading security vendors globally. To find out more about Kaspersky Lab,
visit http://www.kaspersky.com.


mucks uses Linux :cool:
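
The cloaking the advisory describes can be checked by comparing the file listing a live system reports with one taken offline (for example from a mounted disk image). The following is an added example, not part of the original post or of Kaspersky's tooling. The `$sys$` prefix is general knowledge about the Sony rootkit rather than something stated above, and the `size|path` listing format and sample paths are constructed.

```python
from pathlib import PureWindowsPath

PREFIX = "$sys$"                      # name prefix cloaked by the Sony DRM rootkit
ADVISORY = ("$sys$drv.exe", 10240)    # name and size given in the post

# Constructed sample listings, one "size|path" entry per line.
API_VIEW = r"""
73728|C:\WINDOWS\system32\notepad.exe
"""
RAW_VIEW = r"""
73728|C:\WINDOWS\system32\notepad.exe
10240|C:\WINDOWS\system32\$SYS$DRV.EXE
4096|C:\WINDOWS\system32\$sys$example.dat
"""

def parse_listing(text):
    """Parse 'size|path' lines into {lowercased path: size in bytes}."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            size, _, path = line.strip().partition("|")
            entries[path.lower()] = int(size)
    return entries

def cross_view(api_text, raw_text):
    """Report raw-view files that are missing from the API view or carry the prefix."""
    api, raw = parse_listing(api_text), parse_listing(raw_text)
    findings = []
    for path, size in sorted(raw.items()):
        name = PureWindowsPath(path).name
        hidden, prefixed = path not in api, name.startswith(PREFIX)
        if not (hidden or prefixed):
            continue
        if (name, size) == ADVISORY:
            verdict = "matches advisory name and size"
        elif prefixed:
            verdict = "carries cloaked prefix"
        else:
            verdict = "hidden from API view"
        findings.append((path, size, hidden, verdict))
    return findings

if __name__ == "__main__":
    for finding in cross_view(API_VIEW, RAW_VIEW):
        print(finding)
```

A prefixed file that still appears in the live listing is reported with `hidden` set to `False`, which corresponds to the case the post mentions where the DRM protection is not functioning on the machine.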
 