RE: the "Sony/BMG" virus

["Todd Towles" <toddtowles () brookshires com>]

How to use Sony cloaking

1) Write standard virus/trojan
2)  Trick poor person to run on computer (easy right?)
3) Name it with $sys$
4) It is now cloaked by the Sony DRM.

Isn't too hard...you will see more and more, it won't be long before
spyware is using it to hide as well. Is it good? No, any virus or
spyware can have it's own rootkit hooks if they wanted. But if they use
Sony, they can claim they weren't not trying to hide..."some other
software" was hiding them. Botnet admins like smaller coded bot...no
need to add any code...just a file renamed...man even a folder rename
for that matter

Thanks Sony...

> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk 
> [mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
> Of Michael Holstein
> Sent: Friday, November 11, 2005 8:23 AM
> To: Fergie
> Cc: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] the "Sony/BMG" virus
>
> > Insofar as [just] yesterday's RootkitGate media blitz, let's review:
>
> Those lawsuit links refer to the class-action suit related to 
> the rootkit + DRM install itself.
>
> I'm more interested in it's use to cloak a virus, and the 
> potential legal liability that might create for the authors.
>
> 15 seconds on Google can provide a variety of rootkits .. I 
> suspect this is one of the first developed by a big-name 
> company (versus the customization you can get from some 
> hacker groups for a little donation).
>
> ~Mike.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/